
User Permissions - Limit Functionality


Philip Redmon

Tuesday 20 July 2004 2:06:01 pm

I have a site that functions as a procurement-like database. Users are allowed to enter items in the custom Entry Class. However, some users need to be able to view the entire Entry Class including a cost attribute, and some users need to be able to NOT view this cost attribute.

The three different types of users are: Admin (all), Editor (View/Add/Edit/Delete Self, View all others' entries except cost attribute), User (View all entries except cost attribute).

I don't see how user roles can be used to allow this to happen. Any ideas?

Bruce Morrison

Tuesday 20 July 2004 6:49:19 pm

Hi

eZ Publish permissions work on objects and don't extend to object attributes. I believe that your only option in this case is to build the user checking into the Entry template.

This may shed some light on how to do this
http://ez.no/ez_publish/documentation/customization/tips_tricks/hiding_attribute_content

Cheers
Bruce http://www.designit.com.au/

My Blog: http://www.stuffandcontent.com/
Follow me on twitter: http://twitter.com/brucemorrison
Consolidated eZ Publish Feed : http://friendfeed.com/rooms/ez-publish

Philip Redmon

Thursday 12 August 2004 8:43:53 am

For any interested, I set up the solution by disallowing all users except admin to view two specific attributes (cost, costnotes) for this list view, and then created a user role to allow for "edit self".

So, if you are admin, you can view all attributes on a browse page, and are allowed to edit all files.

If you are an editor, you can view all attributes except two on a browse page, and are allowed to edit your own files and view the cost from the edit form.

If you are a generic user, you are only allowed to view attributes on the browse page and are not allowed to view the cost.

<table width=100% border=1 bordercolor=#660000 cellpadding=10 cellspacing=0>

{* Loop through all the entries. *}
{section name=collectionLoop loop=$collectionList}

<tr><td>
 
{section show=$:item.object.can_edit}
   <form method="post" action={"content/action/"|ezurl}>

   <input type="hidden" name="RedirectURI" value="{concat("/edit/",$:item.object.id,"/")}" />
   <input class="button" type="submit" name="EditButton" value="{'Edit'|i18n('design/standard/node/view')}" />

   <input class="button" type="submit" name="ActionRemove" value="{'Remove'|i18n('design/standard/node/view')}" />
   <input type="hidden" name="ContentNodeID" value="{$:item.node_id}" />

   </form>
{/section}
<br />

{* grab and show all attributes for this object *}
{default content_object=$node.object
         content_version=$node.contentobject_version_object
         node_name=$node.name}

{section name=Attribute loop=$:item.contentobject_version_object.contentobject_attributes}

{let user=fetch( 'user', 'current_user' )
                is_admin=$:user.groups|contains( 12 )
                is_self=$node.creator.id|contains($:user.contentobject_id)}

    {switch match=$:item.contentclass_attribute.identifier}

      {case match="cost"}
      {* only display cost if this is an administrator *}
        {section show=$:is_admin }
{* Display your attribute and attribute value *}
{$:item.contentclass_attribute.name}
:{attribute_view_gui attribute=$:item}
        {/section}
      {/case}

      {case match="costnotes"}
      {* only display costnotes if this is an administrator *}
        {section show=$:is_admin}
{* Display your attribute and attribute value *}
{$:item.contentclass_attribute.name}
:{attribute_view_gui attribute=$:item}
        {/section}
      {/case}

      {case}
      {* default, display as normal *}
{* Display your attribute and attribute value *}
{$:item.contentclass_attribute.name}
:{attribute_view_gui attribute=$:item}
      {/case}
    {/switch}
    {/let}
    {/section}
    {/default}

</td></tr>

{* End Loop through all entries *}
{/section}
</table>
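
The access rules described in the post above, written as one deny-by-default function so that every view applies the same decision instead of each template repeating its own check. This is an added example, not code from the thread or from eZ Publish; the role names, the `User` and `Entry` types and the sample entry are assumptions.

```python
from dataclasses import dataclass

RESTRICTED = {"cost", "costnotes"}    # attribute identifiers named in the thread
ROLES = {"admin", "editor", "user"}   # role names are assumptions for this sketch
VIEWS = {"list", "edit"}              # the browse page and the edit form


@dataclass(frozen=True)
class User:
    id: int
    role: str


@dataclass(frozen=True)
class Entry:
    owner_id: int
    attributes: dict  # attribute identifier -> value


def can_edit(user, entry):
    """Admins edit everything; editors edit only their own entries."""
    if user.role == "admin":
        return True
    return user.role == "editor" and entry.owner_id == user.id


def visible_attributes(user, entry, view):
    """Return only the attributes this user may see in this view.

    Unknown roles or views get nothing, so a new view cannot leak cost
    just because nobody remembered to add a check to its template.
    """
    if user.role not in ROLES or view not in VIEWS:
        return {}
    if view == "edit" and not can_edit(user, entry):
        return {}
    if user.role == "admin" or view == "edit":
        # An editor reaching this point on "edit" owns the entry (see can_edit),
        # which matches the thread: editors see cost on their own edit form.
        return dict(entry.attributes)
    return {k: v for k, v in entry.attributes.items() if k not in RESTRICTED}


# Constructed sample entry, not taken from the thread.
ENTRY = Entry(owner_id=7, attributes={"title": "Toner", "cost": "120.00",
                                      "costnotes": "bulk rate"})
```
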