2009/3/6 Owen Winkler <[email protected]>:
>
> On Thu, Mar 5, 2009 at 11:23 PM, Michael Harris
> <[email protected]> wrote:
>>
>>>> 2. do the private posts plugin.
>>
>> Done.
>
> Is this somewhere in -extras now? Were any updates made to it? Just curious.

It's in core in r3293, based on the discussion and vote at
http://groups.google.com/group/habari-dev/browse_thread/thread/2639e985d6be20c4

I made some changes, denied the anonymous group mainly, and tested.

> Also, I think this doesn't work. I think there is a bug in ACL that
> prevents it. If this bug does exist (didn't have time to test before
> I left) then it is blocking.
>
> Basically, under these conditions:
>
> 1. A user has been granted read access to a token.
> 2. That token is applied to at least one post.
> 3. That token is not applied to at least one post that the user has access to.
> 4. The user does not have super_user or post_all (only post_entry
> and/or post_page).
>
> ...the user won't be able to read posts that don't have that token.
>
> To reproduce, create a user, add the private post plugin, make one
> post private, give that user access to private posts, then log in as
> that user and you won't be able to see posts that are NOT private.

Yes, you're right. The plugin probably doesn't work exactly how it
should either because if users aren't denied (i.e. they have no specific
permissions for the 'private' token) they can see the private post.

> I think. I probably should add this as a ticket, but I'm away and
> both lazy to the point of not wanting to load Trac, and habitual to
> the point of writing out a complete report here instead.
>
> I won't be back from the Drupal madness until Saturday, and when I get
> back I'm going to want to lay down for a while. I don't know how that
> affects a 0.6 release ...

Given that ACL is _the_ main feature of this release, and we're
including this plugin as an indication of how simple it is, it
probably should work right :)

> but if you want to look at it, see this line posts.php:
>
> $perm_where[] = '{posts}.content_type IN (' . implode(',', $permitted_post_types) . ')';

I see the line, now what ;)

-- 
Michael C. Harris, School of CS&IT, RMIT University
http://twofishcreative.com/michael/blog
IRC: michaeltwofish #habari
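
The two behaviours reported in this thread (a token grant hiding untokened posts, and a private post staying visible to users with no rule for the token) can be pinned down as a small reference model to test against. This is an added example, not part of the original message and not Habari code; the `User`/`Post` classes, `can_read`, the sample data and the access rules stated in the comments are all assumptions made for illustration.

```python
# Added illustration: a reference model of the read check, not Habari code.
# Assumed semantics: a post with no tokens is governed by content-type
# permission alone; a tokened post also needs a grant on one of its tokens;
# an explicit deny on any of its tokens always wins.
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    post_types: set                              # e.g. {"entry", "page"}
    tokens: dict = field(default_factory=dict)   # token -> "read" | "deny"

@dataclass
class Post:
    title: str
    content_type: str
    tokens: set = field(default_factory=set)

def can_read(user, post):
    # Content-type permission is required in every case.
    if post.content_type not in user.post_types:
        return False
    access = [user.tokens.get(t) for t in post.tokens]
    if "deny" in access:
        return False
    # Default deny: a tokened post is hidden unless a grant exists.
    # An untokened post is not affected by the user's token grants.
    return not post.tokens or "read" in access

def visible(user, posts):
    return [p.title for p in posts if can_read(user, p)]

# Constructed sample data matching the reproduction steps in the thread.
POSTS = [
    Post("public entry", "entry"),
    Post("private entry", "entry", {"private"}),
    Post("public page", "page"),
]
GRANTED = User("granted", {"entry", "page"}, {"private": "read"})
PLAIN = User("plain", {"entry", "page"})          # no rule for 'private'
DENIED = User("anonymous", {"entry", "page"}, {"private": "deny"})

if __name__ == "__main__":
    for u in (GRANTED, PLAIN, DENIED):
        print(u.name, visible(u, POSTS))
```
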
