DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=42864>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42864 [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From [EMAIL PROTECTED] 2007-08-12 14:20 ------- more or less fixed now. ac.login settings have no consequence, since ac.login is sneaked past the usecase authorizer in the global sitemap. a "session" role has been introduced that grants access to ac.logout regardless of other roles. the admin can still disable it, but then why should we have to be idiot-proof? we might think about removing the global-sitemap hack and rely on a "session" role being granted to <world/> instead - one less special case, and a nice hook for an admin to disable access to the authoring area temporarily. but i don't really know the implications - can we have a meaningful usecase authorizer before we have logged in to a publication? -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
