|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000798||v2.4 Release (Closed)||[All Projects] General||public||2011-05-09 08:22||2011-08-16 23:39|
|Status||closed||Resolution||no change required|
|Target Version||Fixed in Version||2.4|
|Summary||0000798: Adding single deny rule in role leaves users blind to all modules|
|Description||1.)Create custom role|
2.)Add access+view to all non-admin modules
3.)Add extra rule to deny user access+view to companies
Results=User blind to all modules
4.)Remove deny rule
Result=User still blind to all modules
Fix: Remove original allow rule for non-admin modules and re-apply it
Consequences: Impossible to do blanket allow statement and then selectively apply deny rules to specific modules
Adding individual modules
Clearing all rules and then adding each individual module with it's own allow rule also leaves the user blind so the only option is to give all users access to non-admin modules.
|Tags||No tags attached.|
When a 'Deny' is applied, we immediately recalculate and apply permissions based on the assumption that you should immediately lose access to anything included.
When a 'Deny' is removed, we don't immediately recalculate permissions based on the assumption that you're probably tuning permissions. We err on the side of safety.
To really remove this Deny, the user has to log out and log back in. That clears the permissions cache and rebuilds it.
|2011-05-09 08:22||unc0nnected||New Issue|
|2011-05-21 22:23||caseydk||Project||v2.2 Release (Closed) => v2.4 Release (Closed)|
|2011-08-07 17:48||caseydk||Note Added: 0002125|
|2011-08-07 17:48||caseydk||Status||new => resolved|
|2011-08-07 17:48||caseydk||Resolution||open => no change required|
|2011-08-07 17:48||caseydk||Assigned To||=> caseydk|
|2011-08-16 23:39||caseydk||Status||resolved => closed|
|2011-08-16 23:39||caseydk||Fixed in Version||=> 2.4|