[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-users] news admin
From: |
Dave Hall |
Subject: |
Re: [Phpgroupware-users] news admin |
Date: |
Thu, 21 Nov 2002 11:39:12 +1100 |
Matt Johnson <address@hidden> wrote:
> Is there a way to grant everyone write access to post
> news without making them an admin. Have I missed the
> point? Or am I missing something easy in how it works?
> It seems to me that only admins can post news. I want
> every member of staff to post news (and I don't really
> want to use the threaded forum to do the job. I like
> the news on the welcome page, and choosing forum as
> the starter app still requires clicking on the part of
> the user to read the latest news).
There is a security flaw in news_admin that allows anyone with access to
news_admin to use the add/edit news functions. They just need to know
what the link is. At the moment i am working on a spec to redo
news_admin. I think the current version has many problems.
The new version *may* have the following functions:
* Seperate site_news/news_admin modules
* Category based acls
* News writer and news publisher roles
- anyone can add news ... but it is only viewable once published
* Ability to link news to sitemgr cats
* Teaser text
* Ability to manually edit creation date
Thats about it i think.
Cheers
dave.hall.vcf
Description: Card for <dave.hall@mbox.com.au>