Comment 17 for bug 1450132

Carlos de la Guardia (cguardia) wrote :

Ok, thanks for the clues. Had to debug for a while, but now I know what happens.

The issue is that all forum posts have (Deny, Everyone, ('edit', 'delete')) in the local acl, which in effect prevents inheritance of parent's acls. The Pyramid authorization policy returns a Deny as soon as it reaches this acl, and never even attempts to check the parents. This comes from the workflow definitions.

I suggest we change the default workflow for forums to either remove the no inherit acl or include an Allow for group.FeatureAdmins before that. This same behavior will also show up in blog posts and comments. This change would require walking up to every post and changing the local acl.
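Added example, not part of the original comment and not the project's or Pyramid's own code: a simplified model of the first-match ACL walk described above, comparing the current post ACL with the two proposed workflow changes. The resource tree, the parent forum's grant to group.FeatureAdmins, and the principal strings are assumptions constructed for illustration.

```python
# Simplified model of a first-match ACL walk up a resource lineage.
# Not Pyramid's code; constant values below are assumptions of this example.
ALLOW, DENY = "Allow", "Deny"
EVERYONE = "system.Everyone"
AUTHENTICATED = "system.Authenticated"
FEATURE_ADMINS = "group.FeatureAdmins"   # group named in the comment
PERMS = ("edit", "delete")
NO_INHERIT = (DENY, EVERYONE, PERMS)     # ACE the comment found on every post
ADMIN_GRANT = (ALLOW, FEATURE_ADMINS, PERMS)


class Resource:
    """Location-aware resource: a local ACL plus a pointer to its parent."""
    def __init__(self, name, acl, parent=None):
        self.__name__ = name
        self.__acl__ = list(acl)
        self.__parent__ = parent


def permits(context, principals, permission):
    """Return (allowed, resource_name, ace) for the first matching ACE."""
    node = context
    while node is not None:
        for ace in node.__acl__:
            action, principal, perms = ace
            if principal in principals and permission in perms:
                return action == ALLOW, node.__name__, ace
        node = node.__parent__
    return False, None, None  # nothing matched anywhere: default deny


def post_under_forum(post_acl):
    # Constructed tree: the parent forum grants FeatureAdmins edit/delete.
    forum = Resource("forum", [ADMIN_GRANT])
    return Resource("post", post_acl, parent=forum)


def evaluate():
    admin = [EVERYONE, AUTHENTICATED, FEATURE_ADMINS]
    member = [EVERYONE, AUTHENTICATED]
    fixed = [ADMIN_GRANT, NO_INHERIT]    # Allow placed before the Deny
    return {
        "current": permits(post_under_forum([NO_INHERIT]), admin, "edit"),
        "deny_removed": permits(post_under_forum([]), admin, "edit"),
        "allow_first": permits(post_under_forum(fixed), admin, "edit"),
        "member_allow_first": permits(post_under_forum(fixed), member, "edit"),
    }


if __name__ == "__main__":
    for case, (allowed, where, ace) in evaluate().items():
        print(f"{case:20} allowed={allowed} decided_at={where} ace={ace}")
```

In this model, removing the Deny lets every grant on the parent reach the post, while the Allow-first ordering opens the post only to group.FeatureAdmins and keeps the Deny for everyone else.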