Forums / Setup & design / Help - Confused - Users, Roles and Policies etc

Help - Confused - Users, Roles and Policies etc

Author Message

neil clark

Wednesday 21 June 2006 6:16:03 am

I'm sure it's very simple when you know how but I can't get specific user permissions working for me.

Could someone please walk me through how to do the following.

I need to give a user the permission to edit and create content within a specified folder. Sounds so simple but my various attempts have failed.

Help please, many thanks
Neil

Kristof Coomans

Wednesday 21 June 2006 11:15:27 am

Hello Neil

You have to add the following policies to a role:
- module: content, function: edit, node: [your folder]
- module: content, function: create, node: [your folder] (specify extra limitations on class if you want)

Then assign the role to your user, with a subtree limitation.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

neil clark

Thursday 22 June 2006 1:50:49 am

Ok so what am I doing wrong? Please help soon! Cheers Neil

<b>Role</b>
Name: advice_editor

<b>Policies [3]</b>
Module > Function > Limitation
content > edit > Node( Advice Centre )
content > create > Node( Advice Centre )
user > login > No limitations

<b>Users and groups using the <advice_editor> role [1]</b>
User > Limitation
User advice editor > Subtree (/1/2/108/111/) - This is the Advice Centre folder, identical to Node specified in above Role.

The user can log into the ez admin view but gets the following error

> Error / kernel (1)
The requested page could not be displayed. (1)
The system is unable to display the requested page because of security issues.
Possible reasons:
* Your account does not have the proper privileges to access the requested page.
* The requested page does not exist. Try changing the URL.

Kristof Coomans

Thursday 22 June 2006 2:25:03 am

Assign a role with the content/read policy to your user.

It seems I was a bit tired when I posted my previous reply here, if you're assigning with a subtree limitation then you don't have to limit the policies to the specific node.
Module > Function > Limitation
content > edit
content > create
user > login > No limitations
</code>

Now the user can create stuff in the whole subtree under the specified folder.

But if you want the user to only create stuff directly under the specified folder, then use the node limitation instead.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

neil clark

Thursday 22 June 2006 3:10:22 am

Ok I got it working using this method (before u replied)

Policies
Module > Function > Limitation
content > edit > Node( Advice Centre )
content > create > Node( Advice Centre )
content > read > No limitations
user > login > No limitations

Users and groups using the <advice_editor> role [1]
User > Limitation
User advice editor > No Limitations

My only minor problem with this is - when they log into admin view, i would like them to only see the content folder that they can edit, how can I do this? We have a large site and I'd like to simplify things editors.

Following your reply I have tried this method, which is I think what you suggested..[Edited: I think I've spotted the difference between what you said about assigning the read policy to the user, not within this role, yes?]

Policies
Module > Function > Limitation
content > edit > No limitations
content > create > No limitations
content > read > No limitations
user > login > No limitations

Users and groups using the <advice_editor> role
User/group Limitation
User advice editor Subtree (/1/2/108/111/) (this is the folder I want them to edit within)

But this causes same read problems as before, so still a little confused.

Kristof Coomans

Thursday 22 June 2006 4:21:12 am

Hi Neil

You can let your user redirect to a specific node after logging in: http://ez.no/doc/ez_publish/technical_manual/3_8/features/advanced_redirection_after_login . By default the user ends up on the content root node, but in your case he has no read access on it.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Keir

Monday 10 July 2006 6:14:38 am

What we were trying to achieve was only letting certain users see certain parts of the subtree, which seems to be a very straightforward and almost standard CMS task.

From what you imply, permissions to access can be applied but the actual visual limiting of the subtree cannot be achieved? Would we insteand be better using the admin front-end with add/edit buttons to achieve an equivalent?

Most perplexed.

Kristof Coomans

Friday 14 July 2006 10:59:26 am

Hi Keir

What exactly do you mean with "permissions to access can be applied but the actual visual limiting of the subtree cannot be achieved" ?

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Keir

Thursday 20 July 2006 2:27:29 am

Hi Kristof,

I meant that permissions can be set so admin users can only have granted access to certain areas of the subtree...if they go to the homepage of the admin backend they would get accessed denied but if they go to a specific area of the backend for which they are granted access, they can then see what they need to.

What we wanted to achieve was manipulation of the content subtree on the LHS so that if you only had access to a certain sub-folder of the content tree, that and it's parents would be visible but nothing else.

Seems like a very simple and key function but there is no obvious or documented means to do so. For now we're opting to have a front-end editing setup for the site and have only a few technical main admin users for the backend.

Yours, confused.