Ability to restrict internal link navigation within the widget
complete
Nivedha Mohan
For widgets configured with JWT, categories and articles are displayed based on the reader group ACL. However, the reader group ACL is currently not enforced for internal link navigation within the widget.
As a result, even though users do not have access to certain restricted articles, those articles can still be accessed if they are linked within another article.
umamaheswari baskaran marked this post as complete
umamaheswari baskaran
Hi All - This has been shipped as part of the April 12.4.1 release.
Link to release notes: https://docs.document360.com/shared/7e1d1a39-58c3-41e3-a5f5-5f6a8bd81ee5
Mohamed Shakheen marked this post as under review
Mohamed Shakheen
Hi Dusk blue Perch Nivedha
Thank you for bringing this to our attention.
Currently, when widgets are configured using Document360 JWT authentication, the category and article visibility is correctly controlled based on the Reader Group Access Control (ACL). However, we understand the concern that internal links within articles are not enforcing the same Reader Group ACL restrictions, which could allow users to access restricted articles through embedded links.
We acknowledge that this behavior can create access control inconsistencies and may expose content that should otherwise remain restricted.
We will evaluate this scenario in detail to understand the underlying impact and determine the best way to ensure Reader Group ACL enforcement is consistently applied across internal link navigation within widgets as well.
We appreciate you highlighting this case, and we will keep this under review as part of our ongoing improvements.
Nivedha Mohan
Raised on behalf of Dusk blue Perch
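
The gap discussed in this thread, modelled as an added example that is not Document360's code and not written by anyone in the thread: the listing path filters by reader group, the link-navigation path does not, and the hardened version routes both through the same check. All names (`ARTICLES`, `canRead`, `openLink`, the `readerGroups` claim, the `/docs/` link format) and the sample data are hypothetical, and the JWT is assumed to be verified already.

```javascript
// Constructed sample data: slugs, reader groups and link format are hypothetical.
const ARTICLES = {
  "getting-started": {
    groups: ["public"],
    body: 'See <a href="/docs/internal-pricing">pricing</a> and <a href="/docs/faq">FAQ</a>.',
  },
  "faq": { groups: ["public"], body: "Frequently asked questions." },
  "internal-pricing": { groups: ["staff"], body: "Restricted pricing notes." },
};

// Single authorization decision, driven by claims from an already-verified JWT.
function canRead(claims, slug) {
  const article = ARTICLES[slug];
  if (!article) return false;
  return article.groups.some((g) => claims.readerGroups.includes(g));
}

// Listing path: filtered by reader group, as the thread says it already is.
function listArticles(claims) {
  return Object.keys(ARTICLES).filter((slug) => canRead(claims, slug));
}

// Model of the reported gap: following a link loads the target by slug
// without consulting the reader group ACL.
function openLinkUnchecked(_claims, slug) {
  const a = ARTICLES[slug];
  return a ? { status: 200, body: a.body } : { status: 404 };
}

// Render-time defence in depth: drop anchors the reader cannot open, keep the text.
function renderBody(claims, html) {
  return html.replace(/<a href="\/docs\/([\w-]+)">(.*?)<\/a>/g, (match, slug, text) =>
    canRead(claims, slug) ? match : text);
}

// Hardened navigation: same canRead() gate as the listing. Restricted and
// missing slugs both return 404 so the response does not confirm existence.
function openLink(claims, slug) {
  if (!canRead(claims, slug)) return { status: 404 };
  return { status: 200, body: renderBody(claims, ARTICLES[slug].body) };
}
```

The check on the fetch path is the control; stripping links at render time only keeps readers from being shown dead ends.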