[opencms-dev] Strange behaviour with permissions (Workplace <-> Direct Edit), Image Gallery visibility
Christian Steinert
christian_steinert at web.de
Thu Mar 26 11:08:52 CET 2009
As far as I understand it, if you neither allow nor deny a permission,
then it remains unchanged. In this case , the permission should be
whatever has been inherited from above (or whatever is the cms default,
if nothing was in herited).
I could be wrong of course, but this is my understanding.
Concerning your actual problem: if you: explicitly deny
publishing/override inherited/inherit to subfolders and there are no
other permissions that explicitly allow your users to publish and your
users are still allowed to published, then this sounds like a bug to me.
But take another look what your effective permissions are for different
kinds of users one level below the folders where you took away the
permissions. There, you should see the effective inherited permissions
for each user group that has settings at all. If you made your settings
correctly then the publish permissions for all user groups that are
assigned to your user groups should all be explicitly denied and for
some additional groups they can be unspecified (neither allowed nor
denied). If with such inheritance your users are still allowed to
publish then it sounds like a bug indeed.
hth
Christian
> Are you sure about that?
>
> I don't think it's correct. If I add a group to the permissions and leave
> everything unchecked (except overwriting inherited of course), the
> permission is not granted if there's no other settings that
> overwrites/explicitly grants permission.
>
> That's how I set it and the permission is denied as expected at the folders
> where access shall be denied.
>
> Also see this thread:
> http://www.nabble.com/Permissions-howto-td5650893.html#a5652385
>
>
>
>
>
> Christian Steinert wrote:
>
>> P.S.
>>
>>> Folder: /
>>> Permission settings: Any permission weakly rejected (unchecked all boxes)
>>> for group "Operators"
>>>
>>>
>> This is not a rejection, this means that you are not changing anything.
>>
>> If you want to reject a permission then you need to reject it. If you
>> want to grant it, you need to grant it.
>> A permission for which you neither grant nor reject anything, will stay
>> at the defaults.
>>
>>
>>
>
>
> -----
> Mathias Lin
> SYSVISION Ltd., China
> http://www.sysvision.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20090326/020423c7/attachment.htm>
More information about the opencms-dev
mailing list