Page 1 of 1

The custom action is open without any authentification

PostPosted: Tue Jan 22, 2008 1:18 am
by Yann
Hello Steve,
Anyone can access my custom action through the login page without any authentification. Have you a suggestion about where this problem comes from ?
Cheers
Jean

PostPosted: Tue Jan 22, 2008 10:04 am
by shannah
Custom actions have not permissions associated with them by default. You need to add permission entry in the actions.ini file for that action if you want to limit it.

e.g.
Code: Select all
[my_custom_action]
    permission=view


This would make it so that the user needs the view permission to access this action.

It is sometimes useful to create custom permissions corresponding to your custom action.

e.g.
in the permissions.ini file create a permission called 'my_custom_permission' then add this permission to certain roles.

Code: Select all
my_custom_permission = "Permission for my custom action"

;; A custom role
[MY CUSTOM ROLE extends READ ONLY]
    my_custom_permission=1

PostPosted: Thu Jan 24, 2008 1:28 am
by Yann
Thank you Steve!