As far as I can see this is a pretty big hole. A contributor user cannot approve a navigation item that he/she created, however the same user can edit an existing navigation item (that has already been approved) and make changes to it without approval. Does anyone else see a problem with this?
If you change the permission to not allow editing of the particular navigation item it seems to cascade down the branches so this does not appear to be a viable option. On Sep 28, 4:11 pm, Jake Churchill <[email protected]> wrote: > dmNavigation has never had an approval process. I've yet to use any > of the 5.x branch but I assume not a whole lot has changed. I know > security was scheduled to change though. On my 4.0 branch, you can > simply do this... > > log into the webtop as an admin and find the node that you want to > restrict. Right click on it and select permissions. Change the > select box to the permission group you want to modify ("contributor" > in this case) and for "Edit" change it to "No". > > This will keep them from getting the move menu completely. > > If you want to know more about what else would be affected, look at / > core/tags/navajo/overview.cfm (this was around line 1244). > > NOTE: This is on version 4.0 as I mentioned. > > -Jake > > On Sep 28, 7:16 am, turbofan <[email protected]> wrote: > > > Tomek, > > > I have gone through each of the permissions that I can see are in > > relation to dmNavigation without success. Can one of the daemonities > > please advise on what they would recommend? > > > If this is a bug, would it be a big undertaking for me to try to > > implement a fix? Any clues on which files I should look at to develop > > the fix? > > > thanks > > > On Sep 27, 10:53 am, Tomek Kott <[email protected]> wrote: > > > > have you looked through all the possible permissions that might be related > > > to navigation? There might be some that deal with exactly what you want to > > > do. I'm not sure as I've never checked it. > > > > It also seems that the status category is built into the dmNavigation > > > type, > > > but doesn't seem to require a draft before changing a node, which would > > > mean > > > that there is no approval process necessary. This might be a bug or not, > > > but > > > that's a question for the daemonites i guess... > > > > Tomek > > > > On Sun, Sep 27, 2009 at 10:27 AM, Marco van den Oever < > > > > [email protected]> wrote: > > > > > OK i was thinking in a more general "site" idea. > > > > I really have to wait with you for this answer, curious if it's > > > > possible. > > > > > On Sep 27, 2:24 pm, turbofan <[email protected]> wrote: > > > > > I understand that the site plugin can be removed from the policy group > > > > > permissions, but this would not provide a valid solution. I need the > > > > > contributor user to be able to create and edit site content but not > > > > > approve (currently the case). The user should not be able to rename > > > > > and move navigation node items in the site tree without approval. > > > > > Currently the contributor can both rename and move navigation items > > > > > without approval. Does anyone have any other ideas? Please. > > > > > thanks > > > > > > On Sep 25, 9:01 pm, Marco van den Oever <[email protected]> > > > > > wrote: > > > > > > > What do you need for that given group? Do they need to be able to > > > > > > change the website tree or just contribute content items? > > > > > > If they only need to contribute content items then you could change > > > > > > the contributors group by removing the relevant permissions like > > > > > > Tree*, or duplicate permissions of contributors group and change. > > > > > > > On Sep 25, 4:11 pm, turbofan <[email protected]> wrote: > > > > > > > > FarCry has a build in policy group for contributors, this group > > > > > > > has > > > > > > > the ability to create content within the site tree, in addition > > > > > > > members in the group do not have the ability to approve content > > > > > > > that > > > > > > > is created. > > > > > > > > The current problem that I am running into is that the contributor > > > > > > > policy group also gives the user the ability to edit navigation > > > > > > > items > > > > > > > (i.e. rename them) and move them up and down without requesting > > > > > > > any > > > > > > > type of approval. Does anyone know if a policy group can be > > > > > > > created > > > > > > > to prevent the user from renaming and moving navigation items > > > > > > > without > > > > > > > approval? --~--~---------~--~----~------------~-------~--~----~ You received this message cos you are subscribed to "farcry-dev" Google group. To post, email: [email protected] To unsubscribe, email: [email protected] For more options: http://groups.google.com/group/farcry-dev -------------------------------- Follow us on Twitter: http://twitter.com/farcry -~----------~----~----~----~------~----~------~--~---
