[EMAIL PROTECTED] wrote:
On 8/1/05, Doug Chestnut <[EMAIL PROTECTED]> wrote:
I am looking at the docs/source trying to figure out how to allow closed
user groups on my live lenya site (default based pub). My thought is
that I can make a new restricted role (<role id="denied"/>) which would
cancel the inherited <world><role id="visitor"/></world> policy. My
guess is that I would be able to take care of the cancellation in the
policy manager? Am I on the right track, or am I missing something?
Solprovider's hack (http://solprovider.com/lenya/security) will not work
for me since I need the to allow the cms users to restrict access to
live pages. I have seen this brought up a couple times in the mailing
list, but haven't seen a fix/solution. Would be nice to fill in the
blanks on the wiki (http://wiki.apache.org/lenya/HowToClosedUserGroup).
The InheritingPolicyManager makes it very difficult to remove access.
It will be easier to design a proper security system from scratch than
start with InheritingPolicyManager. I would love to hear that 1.4
will include customizable security.
Me too :). This is really a desirable feature for me, getting tired of
maintaining .htaccess file based restrictions on my current site (not in
lenya).
I called my security system a hack because it used high-level XSL
rather than fixing the code. But from your specs, you should be able
to do something similar. You have 2 requirements:
1. Allow the CMS users to choose which pages are secured.
2. Use security for chosen documents:
2.a Block access to page.
2.b Do not display on menu.
2.c Do not display in Search.
The difficult part is changing the CMS GUI to allow choosing pages to
be blocked. The webpage you mentioned has examples of everything
else. Your new button/action in the CMS GUI should:
- Add a tag to the content page to allow page2xhtml.xsl to replace the
page with a message.
- Add an attribute to the sitetree.xmap to block displaying on the
menus in navigation/menu.xsl.
- Create something usable to block search.
Perhaps I am missing something, but it seems that the "AC Live" tab is
the place to restrict access to areas of your site. The patch I put in
bugzilla makes the filepolicymanager (InheritingPolicyManager) only use
one policy, it's own, or closest ancestors when the request is for a
live document.
I am not using the lenya search and don't know how this might affect the
search indexer/crawler.
--Doug
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
