Bug 37403

Summary: restricetd access to admin-area doesn't work
Product: Lenya Reporter: Daniel Angileri <daniel.angileri>
Component: Default PublicationAssignee: Lenya Developers <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 1.2.4   
Target Milestone: 1.2.6   
Hardware: Other   
OS: Linux   

Description Daniel Angileri 2005-11-08 15:11:47 UTC 
I wanted to create a user-group which has restricted access to the admin-area.
Each member of this group should be able to create other members but nothing more. 

Member: PCA_1
Group: PCA_Bereich1
role: testrole (id: testrole)

So I edited the subtree-policy.acml:
*********************************************
<?xml version="1.0" encoding="UTF-8"?>
<ac:policy xmlns:ac="http://apache.org/cocoon/lenya/ac/1.0" ssl="false">
  <ac:group id="PCA_Bereich1">
    <ac:role id="testrole"/>
  </ac:group>
  <ac:group id="admin">
    <ac:role id="admin"/>
  </ac:group>
</ac:policy>
*********************************************

and the usecase-policies.xml:
*********************************************
<?xml version="1.0"?>
<usecases xmlns="http://apache.org/cocoon/lenya/ac/1.0">
        <usecase id="create"><role id="edit"/></usecase>
        <usecase id="archive"><role id="edit"/></usecase>
        <usecase id="delete"><role id="edit"/></usecase>
        <usecase id="restore"><role id="edit"/></usecase>

        <usecase id="userChangeProfile"><role id="edit"/><role
id="admin"/></usecase>
        <usecase id="userChangePasswordUser"><role id="edit"/></usecase>
        <usecase id="userChangePasswordAdmin"><role id="admin"/></usecase>
        <usecase id="userChangeGroups"><role id="admin"/></usecase>

        <usecase id="userAddUser"><role id="testrole"/></usecase>
</usecases>
*********************************************

Now the user "PCA_1", which is member of the group "PCA_Bereich1" and has the
role "testrole", should have only rights to add an user.

The problem is, that he has full access to the admin-area. He can add/delete
groups, delete user, change passwords...
Comment 1 Florent ANDRE 2010-07-21 11:26:29 UTC 
Integrated in the Lenya 3 wished features : http://wiki.apache.org/lenya/Lenya
3.0