I have read everything in this forum about setting up permisisons and passwords, but I still can't accomplich what I am trying to do.
I only want users in the group _AUTHENTICATED to be able to view pages.
Category Gruop looks like this:
All links in this page will be used to find user groups for the
WIKIPAGE group method. User group pages must contain a list of
usernames, and then for consistency after four hyphens a link to this
page.
[Administrators]
[_AUTHENTICATED]
_AUTHENTICATE looks like this:
*BillNeely
[CategoryGroup]
I have several pages set (ACL) to be viewd by Authenticated Users only. If I have read enerything correctly, only usernaem BillNeely should be able to view those pages. But, in fact, everybody who logs in and establishes a password is able to view those pages.
What am I missing here?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I am not sure if this helps or not, but I made the following change to main.php at about line 242:
// if (! $this->_user->hasAuthority($require_level))
if ($this->requiredAuthorityForAction ($action) == 100)
{
$this->_notAuthorized($require_level); // NORETURN
}
This seems to resolve the problem. Now unautorized users are given the enter your password page instead of the prohibited page. Haven't tested this very thoroughly yet.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have read everything in this forum about setting up permisisons and passwords, but I still can't accomplich what I am trying to do.
I only want users in the group _AUTHENTICATED to be able to view pages.
Category Gruop looks like this:
All links in this page will be used to find user groups for the
WIKIPAGE group method. User group pages must contain a list of
usernames, and then for consistency after four hyphens a link to this
page.
[Administrators]
[_AUTHENTICATED]
_AUTHENTICATE looks like this:
*BillNeely
[CategoryGroup]
I have several pages set (ACL) to be viewd by Authenticated Users only. If I have read enerything correctly, only usernaem BillNeely should be able to view those pages. But, in fact, everybody who logs in and establishes a password is able to view those pages.
What am I missing here?
Making the following change at line 239 or so, makes it diplay the not auth message instead of the sign in message
// $require_level = $this->requiredAuthority($action);
$require_level = $this->requiredAuthorityForAction($action);
I am not sure if this helps or not, but I made the following change to main.php at about line 242:
// if (! $this->_user->hasAuthority($require_level))
if ($this->requiredAuthorityForAction ($action) == 100)
{
$this->_notAuthorized($require_level); // NORETURN
}
This seems to resolve the problem. Now unautorized users are given the enter your password page instead of the prohibited page. Haven't tested this very thoroughly yet.