As my previous post "bug in ACL evaluation" this is a "short" story of a
user-list issue. Boris asked me to post it here, to read full story see
user list "problems defining multiple roles" (first reply, Point 1)
The pre-defined roles in v2.1 (superuser, editor, etc) explicitly deny
access to the buttons of admin interface that are not needed by that
role. That has the effect that if you assign e.g. editor and
securitymanager (that is both roles!) to a user, that user can't see any
botton at all when logging into admin interface.
Better way to define access to bottons for a role would be to explicitly
deny access to the bottons not needed, but also explicitly grant access
to the bottons needed. This would overwrite a possible "deny access" to
needed bottons of other roles. At least in theory - it doesn't
completely because it seems ACLs are not evaluated correctly - see my
"bug in ACL evaluation?" for details.
I think this would make things easier and less confusing to new users.
Regards,
tom
----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/magnolia/developer.html
----------------------------------------------------------------
