Re: [Phpgroupware-users] news admin

[Dave Hall]

Matt Johnson <address@hidden> wrote:

> Is there a way to grant everyone write access to post
> news without making them an admin. Have I missed the
> point? Or am I missing something easy in how it works?
> It seems to me that only admins can post news. I want
> every member of staff to post news (and I don't really
> want to use the threaded forum to do the job. I like
> the news on the welcome page, and choosing forum as
> the starter app still requires clicking on the part of
> the user to read the latest news).

There is a security flaw in news_admin that allows anyone with access to
news_admin to use the add/edit news functions.  They just need to know
what the link is.  At the moment i am working on a spec to redo
news_admin.  I think the current version has many problems.  

The new version *may* have the following functions:
* Seperate site_news/news_admin modules
* Category based acls
* News writer and news publisher roles
  - anyone can add news ... but it is only viewable once published
* Ability to link news to sitemgr cats
* Teaser text
* Ability to manually edit creation date

Thats about it i think. 

Cheers

dave.hall.vcf
Description: Card for <dave.hall@mbox.com.au>