double_top.tpl does not obey permissions

Next topic

Author	Message
James Ward	Friday 01 September 2006 12:06:57 pm Hi all, I changed my anonymous user to only have access to user, login and set my site.ini to requireuserlogin. This gave me the login menu I expected. I did not however expect the top menu to continue to list all areas of my site. I thought the fetch would not retrive any of areas which the annonymous user did not have access to. Is there a way I can make the double_top.tpl behave as I expected? working at www.wardnet.com blogging at www.jamesward.ca
Claudia Kosny	Saturday 02 September 2006 3:19:50 am Hello James it seems that this is a bug in EZ. If a user does not have any content read permissions at all, the limitationlist is set to false which again causes the sql limitation string to be empty. And an emtpy permission string means no restrictions. It is roughly similar to this bug: http://ez.no/community/bugs/role_permissions_problem_fetching_information_without_permissions so you might want to update this one with your information or create a new one. A workaround should be to give the user a new role which has content read permissions limited to some obscure class which you never use (you might need to create such adummy class beforehand). Greetings from Luxembourg Claudia
Kristof Coomans	Monday 04 September 2006 1:47:35 am You can check first if the user is logged in: {if $current_user.is_logged_in} {* place menu code here *} {/if} independent eZ Publish developer and service provider \| http://blog.coomanskristof.be \| http://ezpedia.org

Author

Message

Friday 01 September 2006 12:06:57 pm

Hi all,
I changed my anonymous user to only have access to user, login and set my site.ini to requireuserlogin. This gave me the login menu I expected.

I did not however expect the top menu to continue to list all areas of my site. I thought the fetch would not retrive any of areas which the annonymous user did not have access to. Is there a way I can make the double_top.tpl behave as I expected?

working at www.wardnet.com
blogging at www.jamesward.ca

Claudia Kosny

Saturday 02 September 2006 3:19:50 am

Hello James

it seems that this is a bug in EZ. If a user does not have any content read permissions at all, the limitationlist is set to false which again causes the sql limitation string to be empty. And an emtpy permission string means no restrictions.
It is roughly similar to this bug:
http://ez.no/community/bugs/role_permissions_problem_fetching_information_without_permissions

so you might want to update this one with your information or create a new one.

A workaround should be to give the user a new role which has content read permissions limited to some obscure class which you never use (you might need to create such adummy class beforehand).

Greetings from Luxembourg

Claudia

Kristof Coomans

Monday 04 September 2006 1:47:35 am

You can check first if the user is logged in:

{if $current_user.is_logged_in}
{* place menu code here *}
{/if}

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org