Joern Nettingsmeier wrote:
Andreas Hartmann wrote:
Joern Nettingsmeier wrote:
[...]
can't we just use the mechanisms which are there?
add role "session".
<world>
<role id="session"/>
</world>
That would mean to open the authoring area for everyone ...
sorry, i just typed the stuff from memory without checking.
what i meant was:
create a new role "session", add world to this role, check for that role
in the ac.log[in|out] usecases.
Yes, I guess I understood it correctly.
With the current implementation, if you give the role "session"
to the world, you allow everyone to enter the authoring area
without logging in.
Maybe we should change this behaviour and require the role
"visit" for visiting pages. This would allow to assign roles
to the world.
sorry, i wasn't aware that the session role exists already...
No, it doesn't exist :)
I wasn't specific enough, let me rephrase my statement:
With the current implementation, if you give *any* role
to the world, you allow everyone to enter the authoring area
without logging in.
-- Andreas
--
Andreas Hartmann
Wyona Inc. - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
