Forum OpenACS Q&A: Packages seem to be inheriting "Public, read" from somewhere

I have a problem with the permissions side of the ACS to do with the packages' inherited permissions. At the moment each package seems to be inheriting "Public, read" from somewhere unknown (its parents, Mainsite, object -3, object -4 don't have it). This means anyone can get into the package even when not logged in. The only way to remove this is to set "Don't Inherit Permissions from Main Site", but when this is set only superusers with "admin" permission can get into the package, not registered users. You can grant direct permission to registered users for Read, but I don't know if this means they can't create or write. It appears you can only add one direct permission (add another and the first disappears). Using OpenACS 5.0.0

You should set it so that permissions are not inherited from the main site, then grant read access to registered users.

If you want them to have create and write permissions, you can grant those as well.

You should be able to add more than one direct permission. If that doesn't work, then it should be filed as a bug.

As a friendly reminder (in case you're considering it), do not revoke read access to the public on the main site. Doing so prevents users from accessing the registration page, which means they can't log in! And since you can't log in to fix it, you end up having to fix it in plsql. :P

Hah. One of my first tasks when I started working at aD was writing a "registered users only" filter for ACS 1. I remembered to add an exception for /SYSTEM and /register along with a few other things (probably related to images) to avoid the kind of problem you mention. I've seen this exception be dropped from every version of (Open)ACS since.

Life is funny.

I have taken away "Inherit from mainsite" and granted read to Registered users directly on each important package - still can't add more than one permission per package though, so it could be an OpenACS bug. This should mean people not logged in go straight to the login page if they try to access it, and logged-in users have normal use? So what do I need the write/create for exactly?

You should test it out by logging in as other users, and see what behavior they get.

Write and create are package specific, but generally they allow you to, well, create new information in that package.

You should file a bug in the bug-tracker if you're not able to assign more permissions. (Click on Bugs on the OpenACS website.)
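
The inheritance behaviour discussed in this thread, as an added example that is not part of any post and is not OpenACS's own code: a simplified Python model in which an object inherits grants through its context parent unless inheritance is switched off, used to report which object opens a package to visitors who are not logged in. The object names, the privilege table and the party membership rule are constructed assumptions.

```python
from dataclasses import dataclass

PUBLIC, REGISTERED = "The Public", "Registered Users"

# Assumed privilege hierarchy: a grant of the key implies each listed privilege.
IMPLIES = {"admin": {"admin", "read", "write", "create"},
           "read": {"read"}, "write": {"write"}, "create": {"create"}}

@dataclass
class Obj:
    name: str
    context: "Obj | None" = None  # parent whose grants are inherited
    inherit: bool = True          # False models "don't inherit permissions"
    grants: tuple = ()            # direct (party, privilege) pairs

def parties_of(user):
    """Anonymous visitors are only in The Public; logged-in users are in both."""
    return {PUBLIC} if user is None else {PUBLIC, REGISTERED, user}

def explain(obj, user, privilege):
    """Name of the object whose grant allows the request, or None if denied."""
    parties, node = parties_of(user), obj
    while node is not None:
        for party, granted in node.grants:
            if party in parties and privilege in IMPLIES[granted]:
                return node.name
        # Stop climbing as soon as an object does not inherit from its context.
        node = node.context if node.inherit else None
    return None

def audit(packages, privilege="read"):
    """Map each package to the object that opens it to anonymous visitors."""
    return {p.name: explain(p, None, privilege) for p in packages}

# Constructed sample tree: the main site keeps public read (needed for login).
main_site = Obj("Main Site", grants=((PUBLIC, "read"),))
forums = Obj("forums", context=main_site)  # still inherits from the main site
notes = Obj("notes", context=main_site, inherit=False,
            grants=((REGISTERED, "read"), (REGISTERED, "create")))

if __name__ == "__main__":
    print(audit([forums, notes]))
    print(explain(notes, "alice", "write"))
```

In this model a direct read grant does not imply write or create, which is why those privileges are granted separately on the package that no longer inherits.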