attributeedit policy

Author Message

Kristof Coomans

Tuesday 11 April 2006 2:12:48 am

Hi guys

I've made a hack to limit the editing of content objects to specific attributes.

You can download the modified files for eZ publish 3.7.5 at
http://pubsvn.ez.no/community/trunk/hacks/attributeedit_policy/3.7.5

You can now use a new policy content/attributeedit with limitations to full classes or specific attributes. You still need the content/edit policy to edit an object.

Note: only modified template for content/edit_attribute.tpl of the admin interface is provided.

Please test it and let me know what you think about it. Have fun!

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Gabriel Ambuehl

Friday 14 April 2006 8:49:30 am

This is quite possibly the single most useful hack ever (and something that really SHOULD live in core).

In my limited testing it worked perfectly. Thanks a lot for sharing this!

Visit http://triligon.org

Paulo Almeida

Friday 14 April 2006 9:28:53 am

I think this is great. An already expected policy.
I haven't used this but.....How about integrate in ez trunk ?

PACPI.COM Internet Consulting
http://pacpi.com

Kristof Coomans

Sunday 16 April 2006 1:36:55 am

I'll try to make a patch for the trunk this week and send a mail to the sdk mailinglist to see if it can make it's way into the official trunk.

I also had some extra policy function limitations in mind:

- ObjectStatus: Draft (e.g. when the attribute can be filled in once but can never be changed), Published
- ClassGroup (maybe I'll patch the other content policies too)

- Section (like content/read)
- Subtrees (like content/read)
- Nodes (like content/read)

If you know any other useful limitation, please let me know.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Kristof Coomans

Tuesday 18 April 2006 2:23:10 am

The modified files for the trunk were added together with limitations for objectStatus and Language.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

J-A Eberhard

Sunday 28 January 2007 2:54:42 am

How to install?

I placed the extension, activated it, and went to http://mydomain.com/admin/role/policyedit/543 hoping to see the modified edit_attribute.tpl showing up, but none...

Using 3.9.0 with ezwebin

Thanks

Open Source Solution Provider
Open-Net Ltd Switzerland
http://www.open-net.ch

Kristof Coomans

Sunday 28 January 2007 4:04:58 am

This is not an extension. You need to replace the kernel files.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

kracker (the)

Sunday 28 January 2007 5:48:43 am

There is a node on eZpedia on this subject, feel free to add to it!
<i>http://ezpedia.org/wiki/en/ez/attributeedit_policy</i>

//kracker

<i>The outro, thebroken--0004--ep4 @ 19:26</i>

Member since: 2001.07.13 || http://ezpedia.se7enx.com/

Yves B

Tuesday 20 February 2007 12:29:02 pm

Fixed in rev 1487 : The function fetchInput did not protect from value input or malicious post :

if ( $fetchInput == true &&
$contentObjectAttribute->canEdit() !== 1 )
{
$fetchInput == false;
}

Changed "$fetchInput == false;" by "$fetchInput = false;" (only one equal sign) ,
then user inputs or posted values are really discarded.

J-A Eberhard

Tuesday 13 March 2007 1:01:10 am

Hi Kristof,

I Love the this extzension and would like to uses it in the context of User > Selfedit.
I would like to control, attribute by attribute, what a user can edit about himself

Could you give me some hints how I could achieve it.

Thanks

Open Source Solution Provider
Open-Net Ltd Switzerland
http://www.open-net.ch

Kristof Coomans

Tuesday 13 March 2007 9:27:20 am

Hi J-A

I think you can use it the same way as you do for other types of content objects, though I haven't tested this.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

J-A Eberhard

Tuesday 13 March 2007 1:23:35 pm

What I would like to have is the possibility to allow the user to edit specific attributes of it's own profile, then to link them to a validation workflow.

If I use the 'selfedit' policy of the 'user' module, the user can edit all it's attributes.
I can choose to display only some attributes in the template, but it's not a very secure solution.

If I use your policy under the 'content' module, I can specify which attributes can be edited but I cannot define a 'selfedit' policy (as the user is not the owner of it's object).

What I'm searching is to know how to hack your contrib to have it working under the selfedit policy of the user module.

Like that, If a user change one of it's field, I can launched a validation workflow and your placeusers to securely let the users select their own rights on eZ publish.

Thanks to let me know your feeling, easy, hard or wrong way to do it!!!

Open Source Solution Provider
Open-Net Ltd Switzerland
http://www.open-net.ch

Kristof Coomans

Tuesday 13 March 2007 11:52:38 pm

You can use the owner limitation (value: self) for user objects too. Also see my comment on http://issues.ez.no/9416

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

J-A Eberhard

Thursday 15 March 2007 9:06:17 am

[Solved]
I just forgot that users are objects like any other, works like a charm...
Thanks

Open Source Solution Provider
Open-Net Ltd Switzerland
http://www.open-net.ch

Maurizio Betti

Saturday 28 April 2007 7:18:31 am

Hi,

compliments for this wonderful hack! It Hope it will soon included in standard distribution.

Best regards

Maurizio Betti
http://www.arsweb.it
http://www.hospes.it

Maurizio Betti

Saturday 28 April 2007 7:51:31 am

Hi,

I'm just testing your hack, but I found an incompatibily error while using at the same time the "Automated user placement" workflow contrib ( http://ez.no/community/contribs/workflow/automated_user_placement_for_ez_publish_3_8 ).

In detail, when I overwrite the php file under kernel/content/classes, and try to create new user from public site (with "Automated user placement" active), the system creates a void user (without name, surname, accont data, etc...).

Any idea to fix it?

I'm currently runs with eZ3.9.1 and php4.4

Any suggestion will be very appreciated.

Maurizio Betti
http://www.arsweb.it
http://www.hospes.it

Kristof Coomans

Sunday 29 April 2007 2:01:24 am

Hi Maurizio

Are you sure this has something to do with the automated user placement workflow event? Did you put your workflow on the post-publish trigger? Please disable the workflow event and let us know if the problem is still there.

Can you give me a detailed list of the policies you assigned to the anonymous user? Maybe the user doesn't have permission to modify the attributes of the user object (like the user account attribute) and the template used for user/register hasn't been modified to take this into account. Use $attribute.can_edit in your template code to check if edit is allowed for a specific object attribute $attribute.

Good luck!

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Maurizio Betti

Sunday 29 April 2007 4:38:50 am

Hi Kristof,

many thanks for your quick answer. I apologized for my mistake...as your suggestion I didn't assigned to anonymous user the permission to modify the attributes of the user object.

Now everything seems goes right.

Thank you again.

Maurizio Betti
http://www.arsweb.it
http://www.hospes.it

J-A Eberhard

Thursday 23 August 2007 2:27:09 pm

Hi Kristof,

I had you code running in an 3.9.2 version.
I did an upgrade to 3.9.3 and it's looking like that the function name (attributeedit) is not passed to the permission system. All edit screen have an error with
Module = content
Function =

I downgraded it to 3.9.2 and it's working again.

Regards

JAE

Open Source Solution Provider
Open-Net Ltd Switzerland
http://www.open-net.ch

Kristof Coomans

Friday 24 August 2007 1:06:02 am

Hi J-A

It seems to work here. Are you sure you added all required changes?

For your convenience, I've committed the patched files of 3.9.3 to svn: http://pubsvn.ez.no/community/trunk/hacks/attributeedit_policy/3.9.3/.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.