[support] Permissions are driving me crazy
Steven Scotten
steves at splicer.com
Fri Sep 25 08:31:50 UTC 2009
Maybe it's because it's 1am, but permissions just aren't behaving the
way I think they should.
I'm trying to prevent an authenticated user with no other roles from
being able to delete the content that they create.
The nodetype is an Ubercart product with a number of CCK fields and
fieldgroups.
The "authenticated user" column in permissions has only these boxes
checked:
access site-wide contact form
access content
search content
create enrollment products (enrollment is the name of the product class)
"delete own enrollment products" is NOT checked. Neither is "edit own
enrollment products"
Admin users have all the boxes checked.
I even installed the access control module, and set the "authenticated
user" to be only allowed to view this content type, not edit or delete
even their own. No effect. plain ol' authenticated user with no other
roles can build a new product, then go back and delete it. Which is
what I don't want to happen.
Is there something about Ubercart that overrides permissions?
I suppose I could use CSS to hide the "delete" button. Admin users
could still delete content through the content list. Still, seems like
this is not behaving the way it ought to.
Maybe after I sleep a while it will become clear. Or maybe someone out
there reading this knows some permissions voodoo.
Thanks in advance,
Steve
More information about the support
mailing list