restrict login to object/section/folder??

Thursday 27 February 2003 2:52:35 am

> As it seems the role model is limited OR I don't understand
> completely what's going on but..
>
> I would like to limit the adminrights of editors to the
> folder (plus children) containing their site. How to go?
>
> I can limit rights to a module, but all the sites/folders
> are handled by content and the rest of the modules named are
> uncharted territory. For me it would seem much more logical
> if I could restrict users to sections or classes. (No!
> You're not allowed to write in the news-folder!)
>
> On a side note it also seems that the list of modules is
> just the list of subdirectories in the kernel directory
> linking the cms part to the physical environment. A CMS
> should,imnho, be self-contained in this matter and
> roles/security should deal with the CMS and not with "weird"
> things on disc. The system administrator can deal with
> those..
>
> Anyhow, leaves the question "how to restrict users to a
> section/folder or other object?"

Your question first:
You can define policies to control a user's access to sections.
Take a look to this one: http://developer.ez.no/forum/message/14977

Your general comments on the current ezp authorisation model next:

Yes, you got things right! ezp3 is still quite limited in its ability to support fine-tuned authorisation regimes. I spent some time to study the diverse authorisation utilities shipped with ezp3 and finally wrote rather exhausting comments on this, e.g. this one:

http://developer.ez.no/forum/message/14601/

I have also issued a bunch of authorisation-related feature requests to the ezp3 bug reportings.

Hope that helps.