[
http://jira.magnolia-cms.com/browse/MAGNOLIA-2156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=29011#action_29011
]
Arjan van Bentem edited comment on MAGNOLIA-2156 at 7/12/10 5:06 PM:
---------------------------------------------------------------------
Also:
1- This does not seem to use the superuser account to delete the content. If
the user who is trying to delete the content does not exist on the public
instance, then a 401 is shown in the log file. For "normal" activation using
workflow, it seems that superuser is used to do the actual activation (even if
someone who is not superuser has approved and proceeded the workflow)?
2- As the version history is shown by right-clicking a node, there's no (easy?)
way to see who has deleted the content when that node no longer exists, and
hence cannot be right-clicked to show the history either. (I don't know if the
version history is kept elsewhere, or is gone when a node is deleted. Enabling
audit logging might at least give some clue about what happened.)
was (Author: avbentem):
Also, as the version history is shown by right-clicking a node, there's no
(easy?) way to see who has deleted the content when that node no longer exists,
and hence cannot be right-clicked to show the history either.
(I don't know if the version history is kept elsewhere, or is gone when a node
is deleted. Enabling audit logging might at least give some clue about what
happened.)
> Editors can delete content (direct activation)
> ----------------------------------------------
>
> Key: MAGNOLIA-2156
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-2156
> Project: Magnolia
> Issue Type: Improvement
> Components: activation
> Affects Versions: 3.5.4
> Reporter: Olivier Marti
> Assignee: Philipp Bärfuss
>
> In a setup where approvers must approve changes (trough workflow) on the
> website before going live (activated to the public instance) it's bad
> behavior if Editors can delete content and this get's activated immediately.
> So and ACL possibilty to prevent user from deleting content and only allowing
> them to edit/view content would be great.
> Or, at least, in general prevent them from activating content.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
