Hi Tim On 05/12/13 15:13, Tim Waugh wrote:
On Thu, 2013-12-05 at 08:40 +0000, Tim Allen wrote:JobPrivateAccess defaultThis is saying that the access list for the private values is default, i.e. "@OWNER @SYSTEM".
Yes, so my understanding is that any job not owned by the authenticated user (who is not a member of lpadmin) should show as withheld, whereas what actually happens is that all job details for all users are shown.
That expected behaviour /does/ occur with <Location /> AuthType Default Require valid-user Order allow,deny Allow @LOCAL </Location> but not with <Location /> Order allow,deny Allow @LOCAL </Location> <Location /jobs> AuthType Default Require valid-user Order allow,deny Allow @LOCAL </Location>
What's the list of private values that are so protected?:JobPrivateValues noneThere are none, so everything is unprotected.
Yes, agreed - no problem with that. Cheers Tim -- Next meeting: Bournemouth, Tuesday, 2014-01-07 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread on mailing list: mailto:dorset@mailman.lug.org.uk How to Report Bugs Effectively: http://goo.gl/4Xue
