Hello Nathalie,
The user_subtree is a tree for every user, that contains their
repository categories and content objects. In that tree you can check if
a user has rights on another user's categories/content (not if a user can
access an admin component).
The is_allowed_in_users_subtree method is currently used for the share
rights. It only returns true when you have the right or you are a
platform admin. Did you test as platform admin? Or anonymous user? (I
haven't really tested the behaviour of the anonymous user)
For now I would only check is_platform_admin. If needed we can create a
tree for the admin components and give the possibility to set custom rights.
Pieterjan
On 9/06/11 12:13, Nathalie Blocry wrote:
Hi all,
I was checking what an anonymous user can do and I found that it is
possible for any user to view, delete and create platform users.
I thought it was simply a matter of implementing an "is allowed check"
in all the components, but when I wanted to do that I saw that it had
already been implemented, but was "turned off" some months ago for
speed issues.
Now every component does a check with the is_allowed_in_user_subtree
method BUT the method always returns true.
My question is: should this be again re-implemented with use of the
complete right system (like it was, but it must have been turned off for
a reason) or should I just do a check on is_platform_admin without the
possibility of ever giving the creation, editing, ... right to anybody else?
Nathalie
_______________________________________________
Dev mailing list
Dev@lists.chamilo.org
http://lists.chamilo.org/listinfo/dev