[MAGNOLIA-3399] ACL has no way to restrict editor from being publisher and vice versa Created: 22/Nov/10 Updated: 25/Nov/10 Resolved: 25/Nov/10 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Critical |
| Reporter: | Chetan | Assignee: | Boris Kraft |
| Resolution: | Not an issue | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
| Date of First Response: |
| Description |
|
1) deny access ACL to /modules/adminInterface/commands should make user not able to activate/ deactivate page, from bottom tool bar buttons and on page link right click menus. Basically there is no way to restrict editor from being publisher and vice versa |
| Comments |
| Comment by Chetan [ 22/Nov/10 ] |
|
Hope issue is clear enough |
| Comment by Boris Kraft [ 25/Nov/10 ] |
|
Use workflow. |
| Comment by Boris Kraft [ 25/Nov/10 ] |
|
While I agree it would be nice to have even more fine-tuned control. e.g. not allowing an editor to change the name of a page, you can work around this by creating your own user interface to edit content, e.g. use the data module to write articles, then use the website module to assemble the content. Give your authors access to the data module only and that solves your problem. |