Permissions for trees + mutliple roles is complicated. There isn't really any way around it. The basic rules that we have settled on is: 1) The most permission permission on a node is returned. If one role grants permission, but another denies it, permission is granted. 2) '0' == inherit == refer to parent (0 + no parent == Deny) 3) The root node, by default, grants View to Anonymous
In practical terms that means that if you want to restrict a navigation node to a particular role you need to: - DENY access for Anonymous (breaks the inheritance of grant from root) - GRANT access for that role (trumps the deny when that role is present) Does this make sense? Blair On Thu, Dec 17, 2009 at 10:59 AM, Chris Roth <[email protected]> wrote: > ok.. so if I set anonymous to explicitly deny on the node it appears > to work, but this seems like there might be a bug in genericnav no > respecting inheirited permissions. I hate to have to go in and > explicitly set deny on subnavs of protected navs. > > ideas? > > -- > You received this message cos you are subscribed to "farcry-dev" Google > group. > To post, email: [email protected] > To unsubscribe, email: > [email protected]<farcry-dev%[email protected]> > For more options: http://groups.google.com/group/farcry-dev > -------------------------------- > Follow us on Twitter: http://twitter.com/farcry > -- You received this message cos you are subscribed to "farcry-dev" Google group. To post, email: [email protected] To unsubscribe, email: [email protected] For more options: http://groups.google.com/group/farcry-dev -------------------------------- Follow us on Twitter: http://twitter.com/farcry
