Hi David, [EMAIL PROTECTED] wrote:
We have remarks that we can unlock a document within the HippoCMS even if we are login as the root.
I assume you mean "cannot unlock"?
It's possible to custom a Hippo action or maybe a Workflow action (replace the value in the properties) which could unlock a document check-out by a simple user. Some webdav tools like skunkdav can steal a lock and then unlock a document. Are there the only ways? Has anything like this been done before?
There is actually a "hidden" unlock action. See editor/src/site/actions/resources/xml/actions.xml, it is commented out. Try uncommenting it, it should work straight away (but haven't tried since 6.03.00). I don't exactly remember if it allows all users to unlock or only root.
As a little bit background info, locking in WebDAV is done using a token, which is stored in a property while the resource is locked. Anyone with the right access can read this property, and use the token to unlock the resource. WebDAV relies on the client to see that only the "right" users can do the unlock.
Hope this helps! Regards Niels ******************************************** Hippocms-dev: Hippo CMS development public mailinglist
