[Erp5-dev] security problem
Yoshinori Okuji
yo at nexedi.com
Tue Feb 8 11:02:52 CET 2005
On Tuesday 08 February 2005 10:20, Sebastien Robin wrote:
> I have an assignee in a module. This assignee has not the right to
> add portal cotent (and the acquire setting is off). But when I go to
> the module logged in has the assignee, then I do have in actions 'add
> New Something', and I'm able to add it. Is it a configuration problem
> or an ERP5 problem ?
Are you sure that the account you used for this assignee does not have
any other role? For example, if the account is a Manager (in the ERP5
Site or in the whole Zope), this user can do anything. I think this is
a typical error. If not, I have no idea. I can look at it tomorrow, if
necessary.
> And also, I don't have the right to delete, copy, paste something,
> but there is the delete, cut, copy, paste icons. I think it should
> be really great to disable them when we don't have right to do
> things. Actually, I can clic on it and then I'm logged off.
I agree. Do you want to implement it? ;)
YO
--
Yoshinori Okuji, Nexedi Research Director
Nexedi: Consulting and Development of Free / Open Source Software
http://www.nexedi.com
ERP5: Free / Open Source ERP Software for small and medium companies
http://www.erp5.org
Storever: OpenBrick, WiFi infrastructure, notebooks and servers
http://www.storever.com
More information about the Erp5-dev
mailing list