Richard Frovarp wrote:
Using 1.2.5-dev I have ran into trouble with user permissions. I'm
using the default publication.
It seems the only way to make it so a user can access the authoring
side is to add them to a group with at least view permissions on the
whole document tree.
The only permission the user now has is view to the whole tree due to
the group they have been added to. They can't edit a page, submit a
page, publish a page, or deactivate a page.
They can now however schedule jobs that don't appear to work. They can
delete jobs scheduled by users that do have the right permissions. The
real problem is the user has full access to update the AC Auth
sections at will. They can promote themself to be an editor or
reviewer on any page they desire. This is obviously a major problem.
How does one go about fixing this?
have you changed these permission throught the GUI?
You might want to take a look at the actual ac files:
PUB/config/ac/permissions/...
and also the one for the usecases:
PUB/config/ac/usecase-policies.xml
Also please be aware that policies are being inherited "down" the tree
if one uses "subtree-policies" ...
HTH
Michi
Thank you,
Richard
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Michael Wechner
Wyona - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
+41 44 272 91 61
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
