Comment 3 for bug 162670
Revision history for this message
| Richard H. (richard-hewison) wrote [Bug 162670] Re: DL Group Access problem? | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
70fb091
demo site
(Get the code!)
** High Priority **
In IE v6, I cleared all private data (cookies, temp files, etc) from the browser. I then visited the web page on arana and couldn't see the access controlled link. This is as I would expect, as the browser doesn't know who I am so it only shows those links available to EVERYBODY.
Next, I change the URL in the same browser window and login to the document library that contains the document I'm trying to see. I then change the URL again in the same browser, to visit the web page on arana again. I perform a browser refresh just in case and I still don't see the access controlled link.
Now to Mozilla Firefox v2. I cleared all private data in Mozilla then accessed the web page. It didn't show the link (as you would expect). I then cleared private data again and quit the browser completely. I then fired it up again, but this time logged in to the relevant DL that contains the document. I then opened a second tab in the same browser in the same session and visited the web page on arana. The document link is NOT shown.
I'm 99% sure that this proves that access control via LDAP and groups isn't working. This is a huge problem for us. It appears that our previous testing was affected by the Zope Manager role credentials being able to see everything regardless.
This needs to be investigated as a matter of urgency. This is a key component to the DL LDAP additions which we thought was working, but obviously isn't.