Hi Matteo,
The algorithm uses just one ACL, which is the ACL with the longest
path. As all your ACLs have the same length Magnolia uses exactly one
of them and as much as I know you cannot say which one. Think about
using $ as the end of a regex expression to increase the path length
and try to avoid DENY when designing roles.
BTW it does not look to make much sense if an editor canNotEdit a Page ;-)
Ralf
Zitat von Matteo Pelucco <
matteo.pelucco@...>:
>
> Hi all, a question about ACL execution order.
>
> Imagine something like this:
>
> - a role "canEditPage" with R/W on <website>/
> - a role "canNotEditPage" with RO on <website>/
> - a role "canNotAccess" with DENY on <website>/
> - a group "editors" with "canEditPage" and "canNotEditPage" role assigned a
>
> Now, you create a user, "brian".
> At this user, you assign the role "canNotAccess" and the group "editors".
>
> In this case, which is the final effect?
> How does Brian behave with pages on root node of website ws?
>
> Matteo
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.htmlTo unsubscribe, E-mail to: <
user-list-unsubscribe@...>
----------------------------------------------------------------
