|
Hello,
I'm attempting to set up security on a collection in slide and
I have a question. How do you block all users from seeing the contents of
a collection but still maintain the ability to allow specific users to see
certain contents of that collection?
For example, I have a collection called foo and it
contains collections foo1, foo2, foo3. Know lets say I have user1 and I
only want him to see foo2. How can I hide foo1 and foo2 from him without
having to explicitly lock him out by adding a negative read ACL on each
collection.
I've tried setting foo, foo2 and foo3 this
way:
<permission action="/actions/read" subject="user"
inheritable="false" negative="true" />
This will hide foo1-3 but when I add an ACL for user1 to
enable read for foo2:
<permission action="/actions/read" subject="/users/user1"
inheritable="false" negative="false" />
user1 cannot access foo2 because he is a member of the "user" role which was set to read = false. Is this a bug? I would think that user1 should be able to access the collection since his read rights are explicitly stated. Can someone please tell me how to accomplish this?
Thanks in advance,
Matt
|
- Re: Security - How to? Matthew Stone
- Re: Security - How to? Remy Maucherat
