Should we issue a Nuxeo Core release 1.0.1 soon (friday?), then ?
S.
On Nov 6, 2006, at 10:47 AM, Bogdan Stefanescu wrote:
Security is working now on the core (user groups was not yet tested
since NuxeoPrincipal is not yet available)
There are 2 builtin users "Administrator" and "anonymous"
Administrator has all privileges on the repository tree (these
privileges are initialized each time a session is started if they
are missing)
The anonymous principal has no builtin privileges.
This means to be able to do something with the repository you
should use a real user with real privileges.
I've modified tests so that the Administrator user is used to login.
The core API remote test is no more working since it use the user
"q" that have no privileges set -
we should change this tomorrow hopping that the user directory will
be ready to be used.
In a real application to be able to do something we will need to
log in first with the Administrator user and create new users and
assign them privileges.
Then you could use one of this user to log-in.
I'ev not completely tested security but the security checks seems
to work when using permissions groups and ACP inheritance.
I need to do more tests to cover all use cases and also to test the
user groups.
Bogdan
_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
--
Stefane Fermigier, CEO, Nuxeo SAS
Open Source Enterprise Content Management (ECM)
Web: http://www.nuxeo.com/ - Tel: +33 1 40 33 79 87
_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
