Andreas Hartmann wrote:
Joern Nettingsmeier wrote:
Andreas Hartmann wrote:
Joern Nettingsmeier wrote:
Andreas Hartmann wrote:
Joern Nettingsmeier wrote:
[...]
can't we just use the mechanisms which are there?
add role "session".
<world>
<role id="session"/>
</world>
That would mean to open the authoring area for everyone ...
sorry, i just typed the stuff from memory without checking.
what i meant was:
create a new role "session", add world to this role, check for that
role
in the ac.log[in|out] usecases.
Yes, I guess I understood it correctly.
With the current implementation, if you give the role "session"
to the world, you allow everyone to enter the authoring area
without logging in.
Maybe we should change this behaviour and require the role
"visit" for visiting pages. This would allow to assign roles
to the world.
sorry, i wasn't aware that the session role exists already...
No, it doesn't exist :)
I wasn't specific enough, let me rephrase my statement:
With the current implementation, if you give *any* role
to the world, you allow everyone to enter the authoring area
without logging in.
that is unfortunate for huge values of unfortunate.
imho this needs to be fixed before a release can happen. what's the
rationale behind this behaviour?
The intention was that you don't have to introduce a special role
to be able to access pages, i.e. any role would imply that you can
at least access the page.
ah, ok. let's get rid of it, we have a "visit" role for that.
world can access the usecases, but only accredited users can visit the
authoring page.
can we implement the same security principle as with the usecases for
locations?
Could you explain this a little more detailed?
ignore me. i had misunderstood the way ac works for documents.
--
"Open source takes the bullshit out of software."
- Charles Ferguson on TechnologyReview.com
--
Jörn Nettingsmeier, EDV-Administrator
Institut für Politikwissenschaft
Universität Duisburg-Essen, Standort Duisburg
Mail: [EMAIL PROTECTED], Telefon: 0203/379-2736
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
