Forums / General / Roles and Policies Newbie question

Roles and Policies Newbie question

« 
Previous topic
|
General
|
Next topic
 »
Author Message

Uli Kimmich

Wednesday 20 April 2011 3:13:29 pm

I'm a newbie to roles and policies. The project I'm working on requires that every registered reporter after login only sees his stories that he wrote in the folder My Stories. Let's say I have 20 reporters that after login only see their individual stories they created.

I created a user group Reporter with role Reporter with the following policies:

Reporter content read Class( Folder ) , Section( Standard )
Reporter content read Subtree( My Stories ) , Class( Story ) , Section( Standard ) , Owner( Self )
Reporter user login SiteAccess( eng ) Reporter user selfedit No limitations

I'm stuck since it doesn't work as expected. All the stories show on each reporters page even if I login in with a different reporter account.

Please help. Thanks.

Uli

Nicolas Pastorino

Wednesday 20 April 2011 10:17:09 pm

Hi Uli,

Could you tell us more about the fetch function used to retrieve and display the children of the My Stories folder ? Any chance the 'limitation' parameter is used ? (feel free to paste the call to the fetch function here).

Cheers,

--
Nicolas Pastorino
Director Community - eZ
Member of the Community Project Board

eZ Publish Community on twitter: http://twitter.com/ezcommunity

t : http://twitter.com/jeanvoye
G+ : http://plus.tl/jeanvoye

Uli Kimmich

Thursday 21 April 2011 3:00:02 am

Hi Nicolas,

thank you for your quick reply. I really appreciate it.

Actually I haven't touched the template yet regarding the fetch function. I assumed that I could control the content through roles and policies only.

I'm using ezPublish 4.2011 and created a user group "reporters" with policy setting "Content read Owner (self)". Also I use the standard user class to create reporter objects. I figured that just by using Owner (self) would display only the content that a user created. So whenever a user creates an article he is the owner, I guess. After login only those articles of this specific user should be shown.

What is the purpose of having Owner(self) if it doesn't list me only the objects related to a specific user?

If I have to use a fetch function how would that look like?

Thank you.

Uli

Marko Žmak

Thursday 21 April 2011 6:37:38 am

Hm, maybe your users have some other role assigned that allows them to read articles.

For example they can have the Anonymous role assigned which can have the content/read/* policy. In that case every user would have access to all the articles regardless of any other new roless you assign.

Also, you should be clear about what you want to do:

  • a) restrict logged in users so that they can read only their articles and in no way to be able to read any other article
  • b) allow logged in users to read any article but have a special box in one part of the page where they can see only their articles

If yours is case a) then you should use the roles and policies to restrict it.

But if yours is case b) you should change the templates and use template fetch functions with attribute filtering. See here for the docs about template fetch functions:

  • http://doc.ez.no/eZ-Publish/Technical-manual/4.x/Reference/Modules/content/Fetch-functions/tree
  • http://doc.ez.no/eZ-Publish/Technical-manual/4.x/Reference/Modules/content/Fetch-functions/list

--
Nothing is impossible. Not if you can imagine it!

Hubert Farnsworth

Uli Kimmich

Thursday 21 April 2011 7:05:57 pm

Hi Marko,

thanks for your reply.

Case a) is what I'd like to implement.

I created a Usergroup "Reporters" and a role "Reporters" with the following policies:

content create No limitations
content edit Owner( Self )
content read Owner( Self )
user login SiteAccess( eng )
user password No limitations
user selfedit No limitations
websitetoolbar all functions No limitations

After creating user1 and user2 I assign them to the usergroup Reporters with role Reporters.

After I login with user1 I created an article. After logout I logged in with user2 and the article shows also under user2. Anything I did wrong?

Thanks.

Uli

Marko Žmak

Thursday 21 April 2011 11:22:46 pm

Some things to check:

  • does the "Reporters" group have any other roles asigned
  • does the "Reporters" group belong to any other user group
  • when you look at your site as anonymous user (not logged in) can you see this article made by user1?
  • try disabling the cache on your site

--
Nothing is impossible. Not if you can imagine it!

Hubert Farnsworth

Uli Kimmich

Friday 22 April 2011 7:40:54 pm

Hi Marko,

thank you. Yes, it is the cache that causes the problem. Once it is disabled it seem to work now.

Thanks again.

Uli

Marko Žmak

Saturday 23 April 2011 2:17:31 am

Disabling cache is not a good solution, you should use ViewCacheTweak configuration setting and set it to pr_user.

By default the cache in eZP is not generated per user but you have the same cache for the users that have the same set of roles. This ViewCacheTweak settings allows you to have a per user cache.

The setting is not documented in the official eZ docs but you can find some info about it here:

  • http://serwatka.net/blog/ez_publish_4_1_and_4_2_hidden_gems
  • http://share.ez.no/forums/setup-design/viewcaching-per-user

and also take a look at the settings/site.ini and read the info below ViewCacheTweak.

--
Nothing is impossible. Not if you can imagine it!

Hubert Farnsworth

Uli Kimmich

Sunday 24 April 2011 11:41:33 pm

Thanks Marko. I'll check it out.

Uli