Security is working now on the core (user groups was not yet tested
since NuxeoPrincipal is not yet available)
There are 2 builtin users "Administrator" and "anonymous"
Administrator has all privileges on the repository tree (these
privileges are initialized each time a session is started if they are
missing)
The anonymous principal has no builtin privileges.
This means to be able to do something with the repository you should use
a real user with real privileges.
I've modified tests so that the Administrator user is used to login.
The core API remote test is no more working since it use the user "q"
that have no privileges set -
we should change this tomorrow hopping that the user directory will be
ready to be used.
In a real application to be able to do something we will need to log in
first with the Administrator user and create new users and assign them
privileges.
Then you could use one of this user to log-in.
I'ev not completely tested security but the security checks seems to
work when using permissions groups and ACP inheritance.
I need to do more tests to cover all use cases and also to test the user
groups.
Bogdan
_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
