ACL Permissions

  • novatrope

    I have read everything in this forum about setting up permisisons and passwords, but I still can't accomplich what I am trying to do.

    1. I only want users in the group _AUTHENTICATED to be able to view pages.

    2. Category Gruop looks like this:
      All links in this page will be used to find user groups for the
      WIKIPAGE group method. User group pages must contain a list of
      usernames, and then for consistency after four hyphens a link to this

    3. [Administrators]


    5. _AUTHENTICATE looks like this:


    I have several pages set (ACL) to be viewd by Authenticated Users only. If I have read enerything correctly, only usernaem BillNeely should be able to view those pages. But, in fact, everybody who logs in and establishes a password is able to view those pages.

    What am I missing here?

    • novatrope

      Making the following change at line 239 or so, makes it diplay the not auth message instead of the sign in message

      // $require_level = $this->requiredAuthority($action);
      $require_level = $this->requiredAuthorityForAction($action);

    • novatrope

      I am not sure if this helps or not, but I made the following change to main.php at about line 242:

      // if (! $this->_user->hasAuthority($require_level))
      if ($this->requiredAuthorityForAction ($action) == 100)
      $this->_notAuthorized($require_level); // NORETURN

      This seems to resolve the problem. Now unautorized users are given the enter your password page instead of the prohibited page. Haven't tested this very thoroughly yet.