Thread: disabled logout entry in menu




disabled logout entry in menu
2006-06-27 14:40:13
Andreas Hartmann wrote:
> Joern Nettingsmeier wrote:
>> Andreas Hartmann wrote:
>>> Joern Nettingsmeier wrote:
>>>
>>> [...]
>>>
>>>>>> can't we just use the mechanisms which are there?
>>>>>>
>>>>>> add role "session".
>>>>>>
>>>>>> <world>
>>>>>>   <role id="session"/>
>>>>>> </world>
>>>>> That would mean to open the authoring area for everyone ...
>>>> sorry, i just typed the stuff from memory without checking.
>>>> what i meant was:
>>>> create a new role "session", add world to this role, check for that
>>>> role
>>>> in the ac.log[in|out] usecases.
>>> Yes, I guess I understood it correctly.
>>>
>>> With the current implementation, if you give the role "session"
>>> to the world, you allow everyone to enter the authoring area
>>> without logging in.
>>>
>>> Maybe we should change this behaviour and require the role
>>> "visit" for visiting pages. This would allow to assign roles
>>> to the world.
>>
>> sorry, i wasn't aware that the session role exists already...
>
> No, it doesn't exist
> I wasn't specific enough, let me rephrase my statement:
>
> With the current implementation, if you give *any* role
> to the world, you allow everyone to enter the authoring area
> without logging in.

that is unfortunate for huge values of unfortunate.
imho this needs to be fixed before a release can happen. what's the
rationale behind this behaviour?

can we implement the same security principle as with the usecases for
locations?


-- 
"Án nýrra verka, án nútimans, hættir fortíðin að vekja áhuga."
"Without new works, without the present the past will cease to be of
interest."
        - Ásmundur Sveinsson (1893-1982)

--
Jörn Nettingsmeier, EDV-Administrator
Institut für Politikwissenschaft
Universität Duisburg-Essen, Standort Duisburg
Mail: pol-adminuni-due.de, Telefon: 0203/379-2736


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribelenya.apache.org
For additional commands, e-mail: dev-helplenya.apache.org

disabled logout entry in menu
2006-06-28 07:15:47
Joern Nettingsmeier wrote:
> Andreas Hartmann wrote:
>> Joern Nettingsmeier wrote:
>>> Andreas Hartmann wrote:
>>>> Joern Nettingsmeier wrote:
>>>>
>>>> [...]
>>>>
>>>>>>> can't we just use the mechanisms which are there?
>>>>>>>
>>>>>>> add role "session".
>>>>>>>
>>>>>>> <world>
>>>>>>>   <role id="session"/>
>>>>>>> </world>
>>>>>> That would mean to open the authoring area for everyone ...
>>>>> sorry, i just typed the stuff from memory without checking.
>>>>> what i meant was:
>>>>> create a new role "session", add world to this role, check for that
>>>>> role
>>>>> in the ac.log[in|out] usecases.
>>>> Yes, I guess I understood it correctly.
>>>>
>>>> With the current implementation, if you give the role "session"
>>>> to the world, you allow everyone to enter the authoring area
>>>> without logging in.
>>>>
>>>> Maybe we should change this behaviour and require the role
>>>> "visit" for visiting pages. This would allow to assign roles
>>>> to the world.
>>> sorry, i wasn't aware that the session role exists already...
>> No, it doesn't exist
>> I wasn't specific enough, let me rephrase my statement:
>>
>> With the current implementation, if you give *any* role
>> to the world, you allow everyone to enter the authoring area
>> without logging in.
>
> that is unfortunate for huge values of unfortunate.
> imho this needs to be fixed before a release can happen. what's the
> rationale behind this behaviour?

The intention was that you don't have to introduce a special role
to be able to access pages, i.e. any role would imply that you can
at least access the page.


> can we implement the same security principle as with the usecases for
> locations?

Could you explain this in a little more detail?
Thanks!

-- Andreas


-- 
Andreas Hartmann
Wyona Inc.  -   Open Source Content Management   -   Apache Lenya
http://www.wyona.com                      http://lenya.apache.org
andreas.hartmannwyona.com                     andreasapache.org


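The access rule debated in this thread, modelled as an added example (not Lenya code and not written by either poster): the "any role admits you" check described as current behaviour, next to the proposed check that requires an explicit "visit" role. `Policy`, `WORLD`, the function names, the user "alice" and the role "edit" are hypothetical; only the role names "session" and "visit" come from the messages.

```python
# Hypothetical model of the two access rules discussed in the thread.
# Not Lenya's API: Policy, WORLD and the function names are assumptions.
from dataclasses import dataclass, field

WORLD = "world"  # pseudo-identity that matches every request, logged in or not


@dataclass
class Policy:
    # identity -> set of role ids granted for one area (e.g. authoring)
    grants: dict = field(default_factory=dict)

    def roles_for(self, user=None):
        """Roles of an anonymous visitor (user=None) or a logged-in user."""
        roles = set(self.grants.get(WORLD, ()))
        if user is not None:
            roles |= set(self.grants.get(user, ()))
        return roles


def may_enter_any_role(policy, user=None):
    """Behaviour described as current: holding any role at all admits you."""
    return bool(policy.roles_for(user))


def may_enter_visit_role(policy, user=None):
    """Proposed behaviour: page access needs the explicit "visit" role."""
    return "visit" in policy.roles_for(user)


def may_run_usecase(policy, required_role, user=None):
    """A usecase such as login/logout checks its own required role."""
    return required_role in policy.roles_for(user)


def demo():
    # Constructed policy: world gets "session" so login/logout can check it;
    # the user "alice" is an editor who may also visit pages.
    authoring = Policy({WORLD: {"session"}, "alice": {"visit", "edit"}})
    return {
        "anon_any_role": may_enter_any_role(authoring),      # True: area is open
        "anon_visit_role": may_enter_visit_role(authoring),  # False: stays closed
        "anon_login_usecase": may_run_usecase(authoring, "session"),
        "alice_visit_role": may_enter_visit_role(authoring, "alice"),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```

With the explicit "visit" requirement, a role granted to the world only authorizes what checks for that role, so a world-level "session" role no longer opens the area as a side effect.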
