On 6 June 2017 at 10:55, Francesco Chicchiriccò <[email protected]> wrote: > On 06/06/2017 10:50, Daniel Gruno wrote: >> >> On 06/06/2017 08:15 AM, Francesco Chicchiriccò wrote: >>> >>> Hi all, >>> until recently (at least one week ago, but possibly later), I had my >>> corporate Ponymail deployment successfully hide private lists from >>> unauthenticated view. >>> >>> After recent upgrades (not sure exactly which one, as said) instead, >>> private lists are always shown, and their content is available even >>> before authentication. >>> >>> Did something related to that change lately? >>> >>> Regards. >> >> I know there has been some work on completely redoing the way the AAA >> libraries work, perhaps this is the cause? >> >> are you on master? > > > Yes sir. > >> is hidePrivate set to true in the config? > > > I have > > ./site/api/lib/config.lua: hidePrivate = true > >> did you update your own AAA to work with the new format? > > > Not lately: any pointer about how to do that? > > I used to have > > site/api/lib/aaa.lua.tirasa
That is not a PonyMail filename. You must have created that. > but now it seems such file must be named > > site/api/lib/aaa_site.lua Yes, that is the local (customised) file which is called from aaa.lua: https://github.com/apache/incubator-ponymail/blob/master/site/api/lib/aaa.lua > (which is under GIT control) instead. Is this correct? aaa_site.lua is not under git control. However there are some examples under https://github.com/apache/incubator-ponymail/tree/master/aaa_examples If you don't provide the file, then *no* rights will be granted. See also https://github.com/apache/incubator-ponymail/blob/master/RELEASE-NOTES.md https://github.com/apache/incubator-ponymail/issues/290 https://github.com/apache/incubator-ponymail/issues/295 > > Regards. > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ >
