On 06/06/2017 10:50, Daniel Gruno wrote:
On 06/06/2017 08:15 AM, Francesco Chicchiriccò wrote:
Hi all,
until recently (at least one week ago, but possibly later), I had my
corporate Ponymail deployment successfully hide private lists from
unauthenticated view.
After recent upgrades (not sure exactly which one, as said) instead,
private lists are always shown, and their content is available even
before authentication.
Did something related to that change lately?
Regards.
I know there has been some work on completely redoing the way the AAA
libraries work, perhaps this is the cause?
are you on master?
Yes sir.
is hidePrivate set to true in the config?
I have
./site/api/lib/config.lua: hidePrivate = true
did you update your own AAA to work with the new format?
Not lately: any pointer about how to do that?
I used to have
site/api/lib/aaa.lua.tirasa
but now it seems such file must be named
site/api/lib/aaa_site.lua
(which is under GIT control) instead. Is this correct?
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
