I noticed that after setting up all of my categories and columns and setting the allowed groups to admin only. I can still go the main page, without logging in at all and am allowed to create and delete entries. Is there a way to prevent this? My goal is to only allow logged in users to view any of the categories and even more specifically to allow users with granted admin rights to create, edit or delete any categories or columns.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Adding to this, the default behavior of this application appears that if a category is set up, whatever group is assigned to this category, then anyone visiting the homepage without logging in will have those rights to that category. the effective rights are only enforced if a user logs in.
for example, a category named "Test" is created with the "guest" and "admin" groups checked. Joe blow drops by with his browser and has no login or password. Joe blow can still add, delete, and edit columns for this category (providing that columns have been created).
On the other hand, if either no group is checked or only "guest" then nobody can get to this category whether logged in or not.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I was able to get around this by renaming (can't delete) the guest account. Once you rename the guest accout to whatever and set a password to it, do not select it as a group with permissions to this category and you will get an access denied error unless you log in.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I noticed that after setting up all of my categories and columns and setting the allowed groups to admin only. I can still go the main page, without logging in at all and am allowed to create and delete entries. Is there a way to prevent this? My goal is to only allow logged in users to view any of the categories and even more specifically to allow users with granted admin rights to create, edit or delete any categories or columns.
Adding to this, the default behavior of this application appears that if a category is set up, whatever group is assigned to this category, then anyone visiting the homepage without logging in will have those rights to that category. the effective rights are only enforced if a user logs in.
for example, a category named "Test" is created with the "guest" and "admin" groups checked. Joe blow drops by with his browser and has no login or password. Joe blow can still add, delete, and edit columns for this category (providing that columns have been created).
On the other hand, if either no group is checked or only "guest" then nobody can get to this category whether logged in or not.
I was able to get around this by renaming (can't delete) the guest account. Once you rename the guest accout to whatever and set a password to it, do not select it as a group with permissions to this category and you will get an access denied error unless you log in.
Thanks, your solution worked!