michael at zambra
Mar 28, 2009, 12:38 PM
Post #3 of 3
(1044 views)
Permalink
|
Hi Bret,
you're spending your Saturday replying to my questions :-) Thanks for
the clarification. I've read Bric::Security but missed the finer points.
It's about time to re-read.
Best,
Michael
Bret Dawson escribió:
> Hi Michael,
>
> Yes, this is expected. Once a user has an asset checked out, she is free
> to edit or delete it. The changed permissions will prevent her from
> publishing the asset, and from checking it out again once she checks it
> in, and from creating any additional media assets.
>
> See Bric::Security (several times, if necessary) for more. Permissions
> can be tough to understand. Also, see Phillip's screencast:
>
> http://www.gossamer-threads.com/lists/bricolage/users/33105?do=post_view_threaded#33105
>
>
>
> Best,
>
> Bret
>
>
> On Sat, 2009-03-28 at 16:10 +0100, Zambra wrote:
>
>> Hello,
>>
>> I have been tinkering with the Bricolage permissions, and have noticed
>> something funny. This is the procedure I followed:
>>
>> 1) As admin I include a user in a "Media manager" group, whose members
>> are able to publish (create, edit...) media.
>> 2) I log in as this user and create a media asset.
>> 3) Again as admin I remove this user from the "Media manager" group. Now
>> she is just a plain Contributor. She is just able to create and edit
>> stories.
>> 4) I log again in as this user, and see that she is able to see and even
>> delete the a.m. media asset.
>>
>> It looks like the user is still the "owner" of the media asset, although
>> she hasn't actually got privileges to deal with this kind of assets now.
>> Is this the intended bahevior?
>>
>> Thanks in advance for your hints.
>>
>> Michael
>>
>>
>>
|
