Update on this: I've checked this after updating Security many many times....
Members have two roles applied: member and anonymous. It turns out that I can check the permissions by hand, and each role SEPARATELY returns the correct value (0). However, when the permission check is with the getCurrentRoles() (which returns a list of the two roles), the permission is returned incorrectly. I've checked that both application.security.checkPermission() and application.security.factory.barnacle.checkPermission() return the same incorrect response.

While looking through all these functions, it appears that the permission functions check against the navigation tree. So that might be a problem, but here is what I have:

Login Page (permissions set explicitly: anonymous "deny", member "grant")
|-- Admin page (permissions set explicitly: member "deny", administrator "grant")

This setup does not work. Any thoughts?

On Tue, May 4, 2010 at 10:39 AM, Tomek Kott <[email protected]> wrote:

> Hi Folks,
>
> I have a login section of my website (5.1.12), which has permissions set to "Deny" for Anonymous, and "Grant" for members. This works great and as expected.
>
> In this login section, I also have a subnavigation item that redirects to a different navigation item outside the login area. Both this subnavigation AND the redirected navigation have permissions set to "Deny" for Anonymous AND "Deny" for Members, so that only some middle administrators can see it.
>
> The logged in page has a <skin:genericNav> tag, which has bHideSecuredNodes="true". This seems to work in other parts of the website. However, when logging in with a test account that only has member permissions, I can still SEE the link. Clicking on the link doesn't do anything (and doesn't throw any errors), but I can nonetheless see the link.
>
> So it seems somewhere something is broken, but I don't really know where that could be. Any ideas? Do I need to go looking through the genericNav and see if there is permissions checking there?
>
> Thanks,
> Tomek

--
You received this message cos you are subscribed to "farcry-dev" Google group.
