Hi Tomek

This is an issue we come up against ourselves, so I've taken a bit of a
break from actual work to add a permission tester to the Manage Permissions
dialog in the 6.x branch. If you update and test with that, you'll hopefully
get a clearer idea of the issue. Unfortunately, when I looked into the code,
I didn't find anything that would account for the issue you're getting. The
genericnav tag uses the View permission, so it should respond to the same
permissions as when actually browsing the page.

Blair

On Wed, May 5, 2010 at 7:04 AM, Tomek Kott <[email protected]> wrote:

> Hmmm... as I was writing that email, I thought I'd check something. Lo and
> behold, setting:
>
> Login Page (permissions set explicitly: anonymous "deny", member "grant")
> |-- Admin page (permissions set explicitly: anonymous "deny", member
> "deny", administrator "grant")
>
> Worked (notice the addition of anonymous "deny" explicitly).
>
> Could someone tell me why this is necessary if I've already set the parent
> (Login) to explicitly deny anonymous?
>
>
> On Tue, May 4, 2010 at 5:01 PM, Tomek Kott <[email protected]> wrote:
>
>> Update on this:
>>
>> I've checked this after updating Security many many times....
>>
>> Members have two roles applied: member and anonymous.
>>
>> It turns out that I can check the permissions by hand, and each role
>> SEPARATELY returns the correct value (0). However, when the permission check
>> is with the getCurrentRoles() (which returns a list of the two roles), the
>> permission is returned incorrectly.
>>
>> I've checked that both
>>
>> application.security.checkPermission()
>>
>> and
>>
>> application.security.factory.barnacle.checkPermission()
>>
>> return the same incorrect response. While looking through all these
>> functions, it appears that the permission functions check against the
>> navigation tree. So that might be a problem, but here is what I have:
>>
>> Login Page (permissions set explicitly: anonymous "deny", member "grant")
>> |-- Admin page (permissions set explicitly: member "deny", administrator
>> "grant")
>>
>> This setup does not work.
>>
>> Any thoughts?
>>
>> On Tue, May 4, 2010 at 10:39 AM, Tomek Kott <[email protected]> wrote:
>>
>>> Hi Folks,
>>>
>>> I have a login section of my website (5.1.12), which has permissions set
>>> to "Deny" for Anonymous, and "Grant" for members. This works great and as
>>> expected.
>>>
>>> In this login section, I also have a subnavigation item that redirects to
>>> a different navigation item outside the login area. Both this subnavigation
>>> AND the redirected navigation have permissions set to "Deny" for Anonymous
>>> AND "Deny" for Members, so that only some middle administrators can see it.
>>>
>>> The logged in page has a <skin:genericNav> tag, which has
>>> bHideSecuredNodes="true". This seems to work in other parts of the website.
>>> However, when logging in with a test account that only has member
>>> permissions, I can still SEE the link. Clicking on the link doesn't do
>>> anything (and doesn't throw any errors), but I can nonetheless see the link.
>>>
>>>
>>> So it seems somewhere something is broken, but I don't really know where
>>> that could be. Any ideas? Do I need to go looking through the genericNav and
>>> see if there is permissions checking there?
>>>
>>> Thanks,
>>> Tomek
>>>
>>
>>
>  --
> You received this message cos you are subscribed to "farcry-dev" Google
> group.
> To post, email: [email protected]
> To unsubscribe, email: 
> [email protected]<farcry-dev%[email protected]>
> For more options: http://groups.google.com/group/farcry-dev
> --------------------------------
> Follow us on Twitter: http://twitter.com/farcry
>
