27 Sep 2012
25 Feb 2007
Link to this post
I have downloaded the latest release dated 23/2 and have a question about roles and access to admin.
I created a bunch of pages and one page called FAQ with allow anonymous set to 'no', created a role called 'test' and assigned a user called "testuser" and gave the testrole access to view the faq page and do nothing else to it like edit etc.
Went through the site, on navigating to FAQ I got redirected to logon, logged in as testuser and got redirected back to the FAQ page. Great just what I wanted.
However i noticed testuser can go to /admin and get into the backend. Granted testuser can't do anything except browse and navigate around the admin but I cannot see how you can stop a logged in user from accessing admin if you don't want them to.
Should you be able to disable access to admin for some users? eg. I want a role that is a public only role - no access to admin but access to site pages.
I guess I could put a web.config in the admin directory with the permission for access to pages in that directory but surely you should be able to set this through the admin?
By the way... I think it is great that yo have done away with the 2 different membership systems from 2.7 - much more flexible.