DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=42952>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42952 ------- Additional Comments From [EMAIL PROTECTED] 2007-07-23 02:21 ------- (In reply to comment #0) > the document authorizer grants access to a page if a user holds *any* role. > this > is wrong. the bug surfaced when a "session" role was added to allow all users > access to login/logout usecases regardless of their other privileges. I don't think it is wrong. If I want to allow someone to edit the pages, I don't want to be forced to explicitely allow them to view the pages. IMO all roles should "inherit" from the visit role (which is basically the case now). -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
