Bug in Role Management

Topics: Business Logic Layer
Jan 4, 2011 at 10:28 AM

If you want to secure your blog (private mode) you go to admin / users / roles and edit settings for the anonymous role. But be careful. If you uncheck all rights und save it all default rights will be restored and the anonymous role has access again. You have to keep at least one setting checked. Tested on W2K8 Server / IIS 7 / .net 4 / Integrated / SQLCE 4.

 

Issue created.

 

Cheers,

René

Jan 5, 2011 at 12:15 PM

It looks like it works as designed. If a role hasn't got any association with right, then the default rights are assumed.

It would require a bit of a redesign to fix it.

 

Coordinator
Jan 5, 2011 at 7:28 PM

I explained the behavior in the issue.  It could be improved though so this doesn't happen.

Jan 27, 2011 at 9:12 PM

Work around until the bug is resolved...

If you want to secure your site such that Anonymous users can’t access the site edit the rights for the Anonymous role and select only “View Public Comments”. Since comments only appear on post pages anyone accessing the site goes straight to the login page.