How to deny Anonymous users re-edit their content?

Author Message

André R.

Sunday 12 February 2006 3:51:46 pm

Searching around a bit on how to avoid Anonymous Users having access to editing other Anonymous Users's data. Do I still have to patch/hack ez??

The patch / hack I'am talking about is over 2 years old:
http://ez.no/community/bugs/how_to_allow_simple_posting_for_anonymous_users_no_login_requirements

As I see it, this could be solved be adding Status preference (like Status( Draft , Pending )) to < content, edit > Policies.

Anonymous Forum users role, have this Policies:

content create Class( Forum topic ) , ParentClass( Forum ) 
	
content create Class( Forum reply ) , ParentClass( Forum topic ) 
	
content versionread Class( Forum topic , Forum reply ) , Owner( Self ) , Status( Draft , Pending ) 

content edit Class( Forum topic , Forum reply ) , Owner( Self ) 

And in my situation letting the Anonymous Users editing their post after its published is not something we want or need.

Any sugestion on how to acomplish this ??

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

Antoine Schmid

Monday 13 March 2006 2:36:04 am

Hello,

I'm in the same situation and I don't know for now how to resolve this problem.

As someone an idea ?

Antoine Schmid

Thursday 16 March 2006 2:37:03 am

Well,

I've updated to version 3.7.4 and this problem seems to be still there.

One solution - with a major security leak - is to allow anonymous users to edit their content and hide editing tools. But you can imagine that it would be nice to improve this as soon as possible.

The solution is to associate the edit priviledge for the first version of an object for users who can create these objects. But I don't know how to do this without modifing the kernel.

Antoine

Matthew Carroll

Thursday 16 March 2006 7:27:50 am

This issue was 'fixed' in 3.7alpha, half a year ago, but for reasons I do not understand has never made it into a released version of ez. I am running one site from svn/trunk as a result, which is far from ideal.

http://ez.no/bugs/view/6680

See also:

http://pubsvn.ez.no/nextgen/trunk/doc/changelogs/3.8/unstable/CHANGELOG-3.6.0-to-3.8.0alpha1

(search on page for '6680')

:-S

Matthew

http://carroll.org.uk

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.