Closed (works as designed)
Project:
Workbench Access
Version:
7.x-1.x-dev
Component:
User interface
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
28 Dec 2011 at 12:51 UTC
Updated:
28 Dec 2011 at 23:33 UTC
It is not possible to separate concerns this way, e.g.:
Taxonomy terms:
Firm
- Department A
- Department B
- Department C
Let's say I want to create a node that is in Section "Department A", so everyone who has access by role to edit "Department A" nodes, can do this.
Now I want to create a node that can be edited by anyone in the firm, so I put it in Section "Firm". For that I have to have access to section "Firm" too by role, otherwise I can't see the Section "Firm" in my select widget.
What is the problem here is that if I have access to "Firm", I automatically have access to "Department B" as well. This isa security problem.
I can not give users the possibility to put content into a section where it can be edited by others BUT am NOT allowed to edit other sub-items of that parent.
Solution would be: automatically see (and be able to select) all parent sections of the ones that I have access to. But not be able to put something into other subnodes of that.
Comments
Comment #1
agentrickardThere are other modules that provide non-hierarchical access. I reject your claim that this is a security problem. It is by design.