[opencms-dev] Strange behaviour with permissions (Workplace <-> Direct Edit), Image Gallery visibility

Christian Steinert christian_steinert at web.de
Thu Mar 26 11:08:52 CET 2009


As far as I understand it, if you neither allow nor deny a permission, 
then it remains unchanged. In this case , the permission should be 
whatever has been inherited from above (or whatever is the cms default, 
if nothing was in herited).

I could be wrong of course, but this is my understanding.

Concerning your actual problem: if you: explicitly deny 
publishing/override inherited/inherit to subfolders and there are no 
other permissions that explicitly allow your users to publish and your 
users are still allowed to published, then this sounds like a bug to me.

But take another look what your effective permissions are for different 
kinds of users one level below the folders where you took away the 
permissions. There, you should see the effective inherited permissions 
for each user group that has settings at all. If you made your settings 
correctly then the publish permissions for all user groups that are 
assigned to your user groups should all be explicitly denied and for 
some additional groups they can be unspecified (neither allowed nor 
denied). If with such inheritance your users are still allowed to 
publish then it sounds like a bug indeed.


hth
Christian
> Are you sure about that? 
>
> I don't think it's correct. If I add a group to the permissions and leave
> everything unchecked (except overwriting inherited of course), the
> permission is not granted if there's no other settings that
> overwrites/explicitly grants permission.
>
> That's how I set it and the permission is denied as expected at the folders
> where access shall be denied.
>
> Also see this thread:
> http://www.nabble.com/Permissions-howto-td5650893.html#a5652385
>
>
>
>
>
> Christian Steinert wrote:
>   
>> P.S.
>>     
>>> Folder: /  
>>> Permission settings: Any permission weakly rejected (unchecked all boxes)
>>> for group "Operators"
>>>   
>>>       
>> This is not a rejection, this means that you are not changing anything.
>>
>> If you want to reject a permission then you need to reject it. If you 
>> want to grant it, you need to grant it.
>> A permission for which you neither grant nor reject anything, will stay 
>> at the defaults.
>>
>>
>>     
>
>
> -----
> Mathias Lin
> SYSVISION Ltd., China
> http://www.sysvision.com
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20090326/020423c7/attachment.htm>


More information about the opencms-dev mailing list