Hi Matteo,
The algorithm uses just one ACL, which is the ACL with the longest path. As all your ACLs have the same length Magnolia uses exactly one of them and as much as I know you cannot say which one. Think about using $ as the end of a regex expression to increase the path length and try to avoid DENY when designing roles.
BTW it does not look to make much sense if an editor canNotEdit a Page ;-) Ralf Zitat von Matteo Pelucco <[email protected]>:
Hi all, a question about ACL execution order. Imagine something like this: - a role "canEditPage" with R/W on <website>/ - a role "canNotEditPage" with RO on <website>/ - a role "canNotAccess" with DENY on <website>/ - a group "editors" with "canEditPage" and "canNotEditPage" role assigned a Now, you create a user, "brian". At this user, you assign the role "canNotAccess" and the group "editors". In this case, which is the final effect? How does Brian behave with pages on root node of website ws? Matteo
---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <[email protected]> ----------------------------------------------------------------
