How to deny Anonymous users re-edit their content?

Sunday 12 February 2006 3:51:46 pm

Searching around a bit on how to avoid Anonymous Users having access to editing other Anonymous Users's data. Do I still have to patch/hack ez??

The patch / hack I'am talking about is over 2 years old:
http://ez.no/community/bugs/how_to_allow_simple_posting_for_anonymous_users_no_login_requirements

As I see it, this could be solved be adding Status preference (like Status( Draft , Pending )) to < content, edit > Policies.

Anonymous Forum users role, have this Policies:

content create Class( Forum topic ) , ParentClass( Forum ) 
	
content create Class( Forum reply ) , ParentClass( Forum topic ) 
	
content versionread Class( Forum topic , Forum reply ) , Owner( Self ) , Status( Draft , Pending ) 

content edit Class( Forum topic , Forum reply ) , Owner( Self ) 

And in my situation letting the Anonymous Users editing their post after its published is not something we want or need.

Any sugestion on how to acomplish this ??

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

Thursday 16 March 2006 2:37:03 am

Well,

I've updated to version 3.7.4 and this problem seems to be still there.

One solution - with a major security leak - is to allow anonymous users to edit their content and hide editing tools. But you can imagine that it would be nice to improve this as soon as possible.

The solution is to associate the edit priviledge for the first version of an object for users who can create these objects. But I don't know how to do this without modifing the kernel.

Antoine