On Wed, Apr 29, 2009 at 7:07 PM, Lukas Renggli <renggli@gmail.com> wrote:
>> Suppose you are a final user with finalUser group. You will be
>> able to add a PRBlogWithAuthorization but won't be able to add a PRBlog.
>> However, both of them are shown in the list. Ok, I that user selects a
>> PRBlog then Pier says "permission denied". But, I would like to avoid this
>> step. I mean, each user see in that list the thing he has permissions for.
> I'll have to check this, I thought this was filtered?

You are right, this is something I missed. I fixed this issue in
Pier-Security-lr.137. Please let me know if this solves the problem.

Name: Pier-Security-lr.137
Author: lr
Time: 30 April 2009, 12:06:13 am
UUID: 9ddcb800-7198-4937-8413-d979ffb01263
Ancestors: Pier-Security-lr.136
- only show the add actions, that the user actually has the permission for

Similar to this, I have another problem. Suppose finalUser group doesn't have view permission (recursively) in /xxx/_System Management  but have permission for adding a PRPostWithAuthentication. When a final user goes to add a Post, in the enchantments editor it has the "Link" and "embedded" options and the links they show, are ALL. Not just the links the user have view permission. Is this correct? If this is true, how can I modify it ?

Thanks a lot,




Lukas Renggli
Magritte, Pier and Related Tools ...