srbac demo - nothing denied

Hello

I’ve installed the blog demo from srbac.

After that I changed from sqlite to mysql.

This worked fine.

But why is it possible to create a Post with the default demo user?

Demo is only assigned to the role AlwaysAllow. The following operations are allowed in this role:

  • CommentIndex
  • PostView
  • PostIndex
  • PostSuggestTags
  • SiteCaptcha
  • SitePage
  • SiteError
  • SiteContact
  • SiteLogin
  • SiteLogout

There is no PostCreate?

Why is it possible to create a Post?

This is from memory, and I’ve not used the srbac blog demo so may not be 100%…:

  • Make sure that "debug" is set to false in the srbac module configuration in main.php.

  • Assign the "Authorizer" role (or your equivalent) to your administrator.

I think that until those two things are done the default behaviour of srbac is to give everyone access. The answers are in the documentation here - but it takes a bit of digging to find them.

Hope that helps,

Paul.

Yeah! That’s it

I didn’t know that the debug mode disables the function of srbac.

Thank you so much!!!!