> If the user that is to maintain sitegroup 3 logs in with user+sitegroup_name
> then the following settings are active in the root page of the admin site:
>
> $midgard->user = 7
> $midgard->root = 0
> $midgard->sitegroup = 3
> $midgard->admin = 0
OK, so this user is not the admin for this sitegroup, or admin would be
non-0.
> Now why, when I am going to the host admin, it lists all sites in sitegroup
> 3 plus the admin site (the only site in sitegroup 0)? It does not list sites
> in groups 2&3, which is ok.
>
> This behavior is repeated for all other items as well (content, style and
> group). The same applies to the user in sitegroup 2, he also gets to modify
> everything in sitegroup 0 and sitegroup 2.
>
> Is this by design? If not (and I hope and think it is not) then what could
> possibly be wrong.
This is by design. To see why, you have to separate the core functionality
and the admin site, which is just a Midgard application and has no ties
whatsoever to the Midgard core.
Anything that is in SG0 will blend seamlessly with the sitegroup you are
logged into, which is why you see all off the admin site too. You should
only be able to view this data, in no instance be able to modify it,
unless you're logged in as root (with the '*').
If you don't want to see the admin site, you'll have to change the admin
site to not show SG0 resources, or build a new one. It's just an
application.
> I have also noticed some strange behavior that I cannot explain. When there
> is no member record that links a user to a group, the user is seen as a
> "user". When I create a member record, setting the info field to any value
> (nothing, member or owner), midgard sees this user as an administrator? Is
> this correct?
No, this would not be correct. In an SG environment, only members of the
group that is marked as the admingroup in the SG record shall be
administrators. The info field regulates normal ownership permissions. I
didn't design those, so maybe someone else can tell you about their exact
semantics. It is likely, though, that setting the info field to non-0
would set ownership.
> Also, why is a plain "user" able to create new hosts? Shouldn't this
> be disabled for users and only enabled for administrators. Basically
> in midgard terms what is the difference between a user and a
> administrator, in my setup it doesn't seem to matter.
Only root users, noone else, should be able to create new hosts. If you
log in with '+' you should under no circumstance be able to create new
hosts or delete existing hosts, or even change name, port and prefix
settings for existing hosts.
The admin user can be seen as a normal user within the sitegroup with
implicit ownership of every resource in that sitegroup, excluding the host
fields as outlined above.
Emile
--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org
To unsubscribe the list, send an empty email message to address
[EMAIL PROTECTED]
