Author
|
Message
|
Thiago Campos Viana
|
Monday 26 April 2010 7:19:12 am
Could someone help me with content attribute grouping in eZ Publish 4.3? Is it possible to disable meta attributes editing for a group of users?
eZ Publish Certified Developer: http://auth.ez.no/certification/verify/376924
Twitter: http://twitter.com/tcv_br
|
tom stovall
|
Monday 26 April 2010 12:28:26 pm
Well, Not saying this is the way to do it, but what I would do is edit the associated role and add a policy that only allows the user read access to any user objects where they are the owner, e.g. their user object. I think, however, that will disable their ability to change their own password. You could also change the user/edit template so they can only change what you want them to change...??? -tom
|
Thiago Campos Viana
|
Monday 26 April 2010 4:39:10 pm
"
... but what I would do is edit the associated role and add a policy that only allows the user read access to any user objects where they are the owner, e.g. their user object.... ... You could also change the user/edit template so they can only change what you want them to change...??? -tom
"
I would block some attributes of the user own object, like hit counter, rating, and others... so, even he is the owner of the object, I wouldn't allow him to edit all the fields. If I modify the edit template it is not secure because the user could use firebug and add/modify fields... I had this problem some time ago, the user edited some hidden fields with firebug, then he used firebug to create the fields I removed from editing template and I got some problems. The best solution would be to control the user allowed editing attributes to some groups.
eZ Publish Certified Developer: http://auth.ez.no/certification/verify/376924
Twitter: http://twitter.com/tcv_br
|
Jérôme Vieilledent
|
Tuesday 27 April 2010 12:01:10 am
Hi Thiago Unfortunately, it is not (yet) possible to apply security policies at the attribute level. A hack does exist, but maybe you should wait a little as this feature has been waited for a long time and is claimed for Fuji next release (see features requests and ideas).
|
Norman Leutner
|
Tuesday 27 April 2010 12:50:21 am
Currently policies at attribute level are not on the roadmap for the upcoming releases ! see: http://ez.no/ezpublish/roadmap
Mit freundlichen Grüßen
Best regards
Norman Leutner
____________________________________________________________
eZ Publish Platinum Partner - http://www.all2e.com
http://ez.no/partners/worldwide_partners/all2e_gmbh
|
André R.
|
Tuesday 27 April 2010 5:57:04 am
Correct, it is not on the roadmap. Might make more sense to do it pr attribute category, but then the storage of it should improve some..
eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom
|
Thiago Campos Viana
|
Tuesday 27 April 2010 7:12:28 am
ok, thank you all! I'm looking forward to this feature.
eZ Publish Certified Developer: http://auth.ez.no/certification/verify/376924
Twitter: http://twitter.com/tcv_br
|
Jérôme Vieilledent
|
Tuesday 27 April 2010 8:05:59 am
"
Correct, it is not on the roadmap. Might make more sense to do it pr attribute category, but then the storage of it should improve some..
"
This approach may be interesting :)
|
Thiago Campos Viana
|
Tuesday 27 April 2010 11:07:39 am
"
"
Correct, it is not on the roadmap. Might make more sense to do it pr attribute category, but then the storage of it should improve some..
"
This approach may be interesting :)
"
Could someone please tell me how to do that?
eZ Publish Certified Developer: http://auth.ez.no/certification/verify/376924
Twitter: http://twitter.com/tcv_br
|