The mess is increasing,
Here's the response my client receives after the privacy reset
Well, now I can read what's been posted but can't reply. The system asks me
for my password but won't accept the password I registered with, coming up
with an "unknown user name or password" response. Next?
Folks, this permission system realy sucks if you ask me
- reader is registered member
- all permissions are set correctly
All I want is that people can read a posting and can reply to it. What's the big deal ???? Could it be we have end users security and hacker security perception, so both with difrent goals?
I smell over engineering, or a broken package. Maybe its better to set defaults on low security so humanoids can use the system from basic install, and have all the fringe security benefits as options. Fighting with this issue I noticed that the main site permissions are not even coppied to subsite and trying to copy the settings form openacs.org, 1 deafault setting was even missing. The trouble is once you start fiddeling with permissons you're lost in seconds. THere must be a better way build a UI than have us guessing as to who to assign functionality. But what the heck, I am a simple administrator, why should I have to fight with this shit.
I also notice there seem to be 2 permissions systems. Maybe that's where things get messed up. One level is the package/subsite, where choices make a lot of sense, but activating those don't seem to have much effect. The second is the admin/sitemap level where you can give individual users rights. That's where the real mess starts. I have a feeling somehow these options create the confusion. Maybe they are relics of past designs.
This doen't make any sense. Please let me know how I can make the forum web 2.0 today. This now becomes a critical issue, as I am about to introduce OACS to a huge travel trade network.
Ben
