Description: As a dotCMS administrator, I want to restrict the additional information fields (modUser, modUserName, owner, modDate) in the content API endpoint to be visible only for users with the backend user role, so that sensitive information is not exposed to unauthorized users.
Acceptance Criteria
Only users with the backend user role should be able to view the additional information fields in the content API endpoint.
Unauthorized users should not have access to the modUser, modUserName, owner, and modDate fields.
Ensure that the whitelist functionality is implemented successfully and restricts the visibility of the specified fields as intended.
Proposed Objective
"Core Features"
Proposed Priority
"Priority 3 - Average"
External Links
"N/A"
Assumptions & Initiation Needs
Backend user roles are already defined and functioning properly in the dotCMS system.
The implementation of the whitelist functionality will not affect the overall performance of the content API endpoint.
Quality Assurance Notes & Workarounds
QA team should verify that only backend users can access the additional information fields in the content API.
Workaround: If the whitelist functionality is not working as expected
fmontes
commented
1 month ago
User Story
Description: As a dotCMS administrator, I want to restrict the additional information fields (modUser, modUserName, owner, modDate) in the content API endpoint to be visible only for users with the backend user role, so that sensitive information is not exposed to unauthorized users.
Acceptance Criteria
Proposed Objective
"Core Features"
Proposed Priority
"Priority 3 - Average"
External Links
"N/A"
Assumptions & Initiation Needs
Quality Assurance Notes & Workarounds