Bug 37403 - restricted access to admin-area doesn't work
Status: RESOLVED FIXED
Product: Lenya
Classification: Unclassified
Component: Default Publication
Version: 1.2.4
Hardware: Other Linux
Importance: P2 normal
Target Milestone: 1.2.6
Assigned To: Lenya Developers
Reported: 2005-11-08 15:11 UTC by Daniel Angileri
Modified: 2010-07-21 11:26 UTC (History)

Description Daniel Angileri 2005-11-08 15:11:47 UTC
I wanted to create a user-group which has restricted access to the admin-area.
Each member of this group should be able to create other members but nothing more. 

Member: PCA_1
Group: PCA_Bereich1
role: testrole (id: testrole)

So I edited the subtree-policy.acml:
*********************************************
<?xml version="1.0" encoding="UTF-8"?>
<ac:policy xmlns:ac="http://apache.org/cocoon/lenya/ac/1.0" ssl="false">
  <ac:group id="PCA_Bereich1">
    <ac:role id="testrole"/>
  </ac:group>
  <ac:group id="admin">
    <ac:role id="admin"/>
  </ac:group>
</ac:policy>
*********************************************

and the usecase-policies.xml:
*********************************************
<?xml version="1.0"?>
<usecases xmlns="http://apache.org/cocoon/lenya/ac/1.0">
        <usecase id="create"><role id="edit"/></usecase>
        <usecase id="archive"><role id="edit"/></usecase>
        <usecase id="delete"><role id="edit"/></usecase>
        <usecase id="restore"><role id="edit"/></usecase>

        <usecase id="userChangeProfile"><role id="edit"/><role id="admin"/></usecase>
        <usecase id="userChangePasswordUser"><role id="edit"/></usecase>
        <usecase id="userChangePasswordAdmin"><role id="admin"/></usecase>
        <usecase id="userChangeGroups"><role id="admin"/></usecase>

        <usecase id="userAddUser"><role id="testrole"/></usecase>
</usecases>
*********************************************

Now the user "PCA_1", which is a member of the group "PCA_Bereich1" and has the
role "testrole", should only have rights to add a user.

The problem is that he has full access to the admin-area. He can add/delete
groups, delete users, change passwords...
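
Added example, not part of the original report and not Lenya's own code: the access the two posted files describe, computed under the assumption that a usecase is allowed only when one of the user's groups grants a role listed for it (deny by default). The function names are hypothetical; the result is the set to compare against what a test account can actually reach in the admin-area.

```python
import xml.etree.ElementTree as ET

AC = "{http://apache.org/cocoon/lenya/ac/1.0}"  # namespace used by both files

# Both documents are copied from the report (XML declarations dropped).
SUBTREE_POLICY = """<ac:policy xmlns:ac="http://apache.org/cocoon/lenya/ac/1.0" ssl="false">
  <ac:group id="PCA_Bereich1"><ac:role id="testrole"/></ac:group>
  <ac:group id="admin"><ac:role id="admin"/></ac:group>
</ac:policy>"""

USECASE_POLICIES = """<usecases xmlns="http://apache.org/cocoon/lenya/ac/1.0">
  <usecase id="create"><role id="edit"/></usecase>
  <usecase id="archive"><role id="edit"/></usecase>
  <usecase id="delete"><role id="edit"/></usecase>
  <usecase id="restore"><role id="edit"/></usecase>
  <usecase id="userChangeProfile"><role id="edit"/><role id="admin"/></usecase>
  <usecase id="userChangePasswordUser"><role id="edit"/></usecase>
  <usecase id="userChangePasswordAdmin"><role id="admin"/></usecase>
  <usecase id="userChangeGroups"><role id="admin"/></usecase>
  <usecase id="userAddUser"><role id="testrole"/></usecase>
</usecases>"""

def group_roles(policy_xml):
    """Map each group id in a subtree policy to the set of role ids it grants."""
    return {g.get("id"): {r.get("id") for r in g.findall(AC + "role")}
            for g in ET.fromstring(policy_xml).findall(AC + "group")}

def usecase_roles(usecases_xml):
    """Map each usecase id to the set of role ids allowed to run it."""
    return {u.get("id"): {r.get("id") for r in u.findall(AC + "role")}
            for u in ET.fromstring(usecases_xml).findall(AC + "usecase")}

def expected_usecases(groups):
    """Usecases a member of `groups` should reach under the posted policies."""
    # Assumption: deny by default; a group missing from the policy grants no role.
    granted = group_roles(SUBTREE_POLICY)
    roles = set().union(*(granted.get(g, set()) for g in groups))
    return {uc for uc, needed in usecase_roles(USECASE_POLICIES).items()
            if roles & needed}

def unexpected_grants(groups, observed):
    """Usecases that were reachable in a test but are not granted by policy."""
    return sorted(set(observed) - expected_usecases(groups))

if __name__ == "__main__":
    # Constructed observation standing in for the report's "change passwords".
    observed = ["userAddUser", "userChangePasswordAdmin"]
    print("expected:", sorted(expected_usecases(["PCA_Bereich1"])))
    print("unexpected:", unexpected_grants(["PCA_Bereich1"], observed))
```
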
Comment 1 Florent ANDRE 2010-07-21 11:26:29 UTC
Integrated in the Lenya 3 wished features: http://wiki.apache.org/lenya/Lenya 3.0