Forums / Developer / Role subtree limit exception

Role subtree limit exception

Next topic

Author	Message
Samuel Sauder	Monday 27 March 2006 7:43:42 am In trying to configure my roles appropriately, I am running into something that I can't figure out. There are three subtree items /top1/sub1/ and /top1/sub2/ and /top1/sub3/. What I want is that user A has access to all of top1 but not sub3. And user B should have access to top1 with no limitations. I am currently using role limitations to give user A and B access to top1. Is it possible to do this exclusion? I would prefer not to change my policies (e.g. content\|edit...) or make sub3 a section.
Samuel Sauder	Wednesday 12 April 2006 6:06:26 am So do I take it that I need to make sub3 a section?
Atle Pedersen	Wednesday 12 April 2006 6:43:18 am Being new to eZ, I've also been trying to figure out alternative methods to using sections for access control. So far I've found no good solutions. It is possible to limit access to owner instead of sections, but since most nodes are owned by the creator, and ownership is not meant to change (at least that's what the on-line documentation says), this doesn't seem to be a viable solution. But if you want to try to do it this way still, node ownership can easily be modified by manipulating the database. I made it work just by changing ownership in a single table. So, as far as I know, sections seems to be the only way to do this at the moment. (Or maybe writing your own module to handle it?) But if anyone else has a possbile solution, I too would be interested in hearing it.

Author

Message

Monday 27 March 2006 7:43:42 am

In trying to configure my roles appropriately, I am running into something that I can't figure out. There are three subtree items /top1/sub1/ and /top1/sub2/ and /top1/sub3/. What I want is that user A has access to all of top1 but not sub3. And user B should have access to top1 with no limitations. I am currently using role limitations to give user A and B access to top1.

Is it possible to do this exclusion? I would prefer not to change my policies (e.g. content|edit...) or make sub3 a section.

Samuel Sauder

Wednesday 12 April 2006 6:06:26 am

So do I take it that I need to make sub3 a section?

Atle Pedersen

Wednesday 12 April 2006 6:43:18 am

Being new to eZ, I've also been trying to figure out alternative methods to using sections for access control.

So far I've found no good solutions. It is possible to limit access to owner instead of sections, but since most nodes are owned by the creator, and ownership is not meant to change (at least that's what the on-line documentation says), this doesn't seem to be a viable solution. But if you want to try to do it this way still, node ownership can easily be modified by manipulating the database. I made it work just by changing ownership in a single table.

So, as far as I know, sections seems to be the only way to do this at the moment. (Or maybe writing your own module to handle it?)

But if anyone else has a possbile solution, I too would be interested in hearing it.