DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=42952>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42952 ------- Additional Comments From [EMAIL PROTECTED] 2007-07-23 03:04 ------- (In reply to comment #2) > I don't think it is wrong. If I want to allow someone to edit the pages, I > don't > want to be forced to explicitely allow them to view the pages. IMO all roles > should "inherit" from the visit role (which is basically the case now). i don't care too much if users who hold the roles "admin", "edit", or "review" inherit visit rights automatically. but then the code should spell that out. seriously, roles.length > 0 is not something i'd want to read in security-related code. it's conceptually wrong, and it just worked by accident. it makes a totally unwarranted assumption, and wrecks the flexibility of the ac code, since it effectively prevents the creation of other meaningful roles. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
