Second siteaccess always asks for login (3.50rc2)

Second siteaccess always asks for login (3.50rc2)

Thursday 16 December 2004 5:04:30 am - 7 replies

Author Message

Daniele P.

Thursday 16 December 2004 7:08:13 am

Always check in the bug database before posting.
There are a lot of new and open bugs.

My be the same:
http://ez.no/community/forum/install_configuration/3_5_0rc2_anonymous_permanently_gets_access_denied
http://ez.no/community/bugs/access_denied_for_anonymous_user

Ulrich L.

Thursday 16 December 2004 11:23:27 pm

Thanks for your hint.
Changing user - anonymus - role - user - login to siteaccess "any" instead of a certain specified siteaccess, as it came up by default, makes the new siteaccess work.
Does this imply any unwanted sideeffects?
3.4.4 behaved differently.

Daniele P.

Friday 17 December 2004 12:22:25 am

> Does this imply any unwanted sideeffects?
I don't know, the eZ publish behaviour is not fullly documented.
The bug is open so this isn't normal...

Frederik Holljen

Friday 17 December 2004 4:07:10 am

The behavior you are seeing is perfectly normal. What we have changed prior to earlier versions is that the setup wizard will not give user/login/* permissions. Instead it will create login permissions only on the siteaccesses it has generated. This improves the security of the default installation.

Daniele P.

Friday 17 December 2004 4:51:10 am

> The behavior you are seeing is perfectly normal.

Sorry but I can't understand.

There is one unanswered question in my bug report:
Why user/login is needed to view the content? For this isn't enough content/read?

Now user/login is required for allowing access to anonymous user!

But if you want to allow anonymous read and disallow user/login for a siteaccess?

Frederik Holljen

Friday 17 December 2004 6:19:27 am

Daniele,

There is some confusion to the function of user/login due to it's naming.
Here is how it works:
- a user (which is not disabled) is always allowed to log in using the username/password field if the user/login is set except for the anonymous user who can not log in (no passwords are accepted)
- The user/login setting also controls if that user is able to see anything in that siteaccess at all.

Daniele P.

Friday 17 December 2004 6:32:27 am

Thanks for the explanation Frederik,
now is clear but is better to add some documentation somewhere. (i.e. in Tutorial and multilingual docs)
In few days three different person make the same confusion.
By the way the name don't suggest what you could expect, so
why not change it into more clear (ie. user/access).

You must be logged in to post messages in this topic!

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.