Forums / Developer / 4.3 Roles and Policies: How to restrict object editing to only "Content" attributes?

4.3 Roles and Policies: How to restrict object editing to only "Content" attributes?

Author Message

Thiago Campos Viana

Monday 26 April 2010 7:19:12 am

Could someone help me with content attribute grouping in eZ Publish 4.3?

Is it possible to disable meta attributes editing for a group of users?

eZ Publish Certified Developer: http://auth.ez.no/certification/verify/376924

Twitter: http://twitter.com/tcv_br

tom stovall

Monday 26 April 2010 12:28:26 pm

Well, Not saying this is the way to do it, but what I would do is edit the associated role and add a policy that only allows the user read access to any user objects where they are the owner, e.g. their user object.

I think, however, that will disable their ability to change their own password.

You could also change the user/edit template so they can only change what you want them to change...???

-tom

Thiago Campos Viana

Monday 26 April 2010 4:39:10 pm

"

... but what I would do is edit the associated role and add a policy that only allows the user read access to any user objects where they are the owner, e.g. their user object....

...

You could also change the user/edit template so they can only change what you want them to change...???

-tom

"

I would block some attributes of the user own object, like hit counter, rating, and others... so, even he is the owner of the object, I wouldn't allow him to edit all the fields. If I modify the edit template it is not secure because the user could use firebug and add/modify fields... I had this problem some time ago, the user edited some hidden fields with firebug, then he used firebug to create the fields I removed from editing template and I got some problems. The best solution would be to control the user allowed editing attributes to some groups.

eZ Publish Certified Developer: http://auth.ez.no/certification/verify/376924

Twitter: http://twitter.com/tcv_br

Jérôme Vieilledent

Tuesday 27 April 2010 12:01:10 am

Hi Thiago

Unfortunately, it is not (yet) possible to apply security policies at the attribute level. A hack does exist, but maybe you should wait a little as this feature has been waited for a long time and is claimed for Fuji next release (see features requests and ideas).

Norman Leutner

Tuesday 27 April 2010 12:50:21 am

Currently policies at attribute level are not on the roadmap for the upcoming releases !

see: http://ez.no/ezpublish/roadmap

Mit freundlichen Grüßen
Best regards

Norman Leutner

____________________________________________________________
eZ Publish Platinum Partner - http://www.all2e.com
http://ez.no/partners/worldwide_partners/all2e_gmbh

André R.

Tuesday 27 April 2010 5:57:04 am

Correct, it is not on the roadmap.
Might make more sense to do it pr attribute category, but then the storage of it should improve some..

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

Thiago Campos Viana

Tuesday 27 April 2010 7:12:28 am

ok, thank you all!

I'm looking forward to this feature.

eZ Publish Certified Developer: http://auth.ez.no/certification/verify/376924

Twitter: http://twitter.com/tcv_br

Jérôme Vieilledent

Tuesday 27 April 2010 8:05:59 am

"

Correct, it is not on the roadmap.
Might make more sense to do it pr attribute category, but then the storage of it should improve some..

"

This approach may be interesting :)

Thiago Campos Viana

Tuesday 27 April 2010 11:07:39 am

"
"

Correct, it is not on the roadmap.
Might make more sense to do it pr attribute category, but then the storage of it should improve some..

"

This approach may be interesting :)

"

Could someone please tell me how to do that?

eZ Publish Certified Developer: http://auth.ez.no/certification/verify/376924

Twitter: http://twitter.com/tcv_br