From 8603509e30ec505ec666797a1ae2c16ea7338ab2 Mon Sep 17 00:00:00 2001 From: mikl <> Date: Mon, 5 May 2008 13:02:01 +0000 Subject: Fixed flaw in blog-tutorial's authentication rules. --- demos/blog-tutorial/protected/pages/Day4/CreateNewPost.page | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'demos/blog-tutorial/protected/pages/Day4/CreateNewPost.page') diff --git a/demos/blog-tutorial/protected/pages/Day4/CreateNewPost.page b/demos/blog-tutorial/protected/pages/Day4/CreateNewPost.page index c81e634c..7797efaa 100644 --- a/demos/blog-tutorial/protected/pages/Day4/CreateNewPost.page +++ b/demos/blog-tutorial/protected/pages/Day4/CreateNewPost.page @@ -7,18 +7,24 @@ The NewPost page is provided to authenticated users for creating new bl

-Because NewPost can only be accessed by authenticated users, we add a page configuration file config.xml under the directory protected/pages/posts. The configuration specifies that guest users cannot access NewPost and EditPost which is to be introduced in the next section. +Because NewPost can only be accessed by authenticated users, we add a page configuration file config.xml under the directory protected/pages/posts. The configuration specifies that authenticated users can access NewPost and EditPost which is to be introduced in the next section. All other users only have access to ListPost and ReadPost.

- + + + + +It's always a good idea to start with a deny="*" catch all rule at the bottom and then step by step grant access to pages with additional rules. + +

As the number of our pages expands, we would like to modify MainLayout so that in the footer of our blog pages there are links to various pages, including the homepage, the NewUser page (visible to the administrator only), and the upcoming NewPost page (visible to authenticated users only).
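Review bot: The added advice sentence, "start with a deny="*" catch all rule at the bottom", does not say why the position of the rule matters, and "start with ... at the bottom" reads as a contradiction. Suggest stating the intent directly, for example "put a catch-all deny rule last and grant access with explicit allow rules above it", with a clause on how rule order affects matching. The first added paragraph names NewPost, EditPost, ListPost and ReadPost; it would help to add that a page named in no rule falls through to the catch-all and stays denied until a rule grants access to it. Minor: "catch all" should be "catch-all", there should be a comma before "which is to be introduced", and deny="*" should be written the way the rule appears in config.xml so a reader can copy it.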

-- cgit v1.2.3