Ability to restrict internal link navigation within the widget
under review
Nivedha Mohan
For widgets configured with JWT, categories and articles are displayed based on the reader group ACL. However, the reader group ACL is currently not enforced for internal link navigation within the widget.
As a result, even though users do not have access to certain restricted articles, those articles can still be accessed if they are linked within another article.
Log In
Mohamed Shakheen
marked this post as
under review
Mohamed Shakheen
Hi Dusk blue Perch Nivedha
Thank you for bringing this to our attention.
Currently, when widgets are configured using Document360 JWT authentication, the category and article visibility is correctly controlled based on the Reader Group Access Control (ACL). However, we understand the concern that internal links within articles are not enforcing the same Reader Group ACL restrictions, which could allow users to access restricted articles through embedded links.
We acknowledge that this behavior can create access control inconsistencies and may expose content that should otherwise remain restricted.
We will evaluate this scenario in detail to understand the underlying impact and determine the best way to ensure Reader Group ACL enforcement is consistently applied across internal link navigation within widgets as well.
We appreciate you highlighting this case, and we will keep this under review as part of our ongoing improvements.
Nivedha Mohan
Raised on behalf of Dusk blue Perch