Joern Nettingsmeier wrote:
Andreas Hartmann wrote:
Josias Thöny wrote:
Hi devs,
Currently the logout entry is disabled in the menu, because there is no
policy.
However, it's possible to call ?lenya.usecase=ac.logout directly.
So I guess the login/logout usecases ignore policies, which probably
makes sense.
Yes, these usecases are matched in the main sitemap above the
authorized pipelines.
But how can we re-enable the logout menu-item?
I guess we just have to add the usecase policy. Or should we handle
these usecases in a special way, e.g.
<usecases xmlns="http://apache.org/cocoon/lenya/ac/1.0";>
...
<usecase id="ac.login" protect="false"/>
...
</usecases>
can't we just use the mechanisms which are there?
add role "session".
<world>
<role id="session"/>
</world>
That would mean to open the authoring area for everyone ...
<usecase id="ac.login">
<role id="session"/>
</usecase>
<usecase id="ac.logout">
<role id="session"/>
</usecase>
it avoids having a special case, and that is always worth some extra
typing imho :)
I don't quite understand the purpose of the "session" role.
IMO we have to allow the logout usecase for the edit+review+admin
roles, don't we?
-- Andreas
--
Andreas Hartmann
Wyona Inc. - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
