A package that secures lists of liberty content when custom content permissions are used

Created by: Will, Last modification: 02 May 2008 (01:56 UTC)
This package is in Beta for use with R2

LibertySecurePackage patches a missing part of the custom content permissions feature of liberty: permissions checking when mixed lists of content are requested.

It does two things to accomplish this. 1) It registers the default View, Edit, and Admin content permissions content types have. 2) It adds sql to LibertyContent::getContentList which is used by many packages, typically search like packages to get lists of mixed content.

Get the Code: Checkout _bit_libertysecure from cvs.

To use install checkout the package from cvs. Then install it. Once installed go to its administration panel, and click "Register Content Types". WARNING!: If you installed bitweaver before Feb 26th 2008, or installed bitweaver from code created before that date, then you need to do one extra step before registering the content types. You need to make sure all the content types you are using are already in the liberty_content_types table. In sql select * from liberty_content_types and check that the results list shows all the various content types you are using on your site, such as wiki pages, blog posts, etc. If any are missing any, you can pump them into that table by simply requesting their edit or list feature, like list blog posts. Yes this sounds archaic, which is why it was patched on Feb 26th 2008, but you should make sure you do this for security purposes if you are using custom content permissions and libertysecure.


by Chris, 03 Aug 2008 (11:58 UTC)
Any idea why users now see 2 of each file in galleries?


by Chris, 03 Aug 2008 (12:07 UTC)
OK - I guess permissions are ANDed together and not made distinct.. at a guess... I removed some of the permissions already applied to a group the users were in and already in registered...
  Page 1 of 1  1