Building a navigation based on role-sections

Author Message

Peter Bailey

Friday 28 February 2003 10:09:50 am

Hey all

I'm attempting to create a <UL> based list of links to all the SECTIONS that are assigned to the current user's ROLE. How can I retrieve all the URIs so I can create my <UL> tree?

I'm going to keep reading into eZUser to find my answer, but if you know you'd help me alot!

Thanks

Volker Lenz

Monday 03 March 2003 3:26:22 am

> Hey all
>
> I'm attempting to create a <UL> based list of links to all
> the SECTIONS that are assigned to the current user's ROLE.
> How can I retrieve all the URIs so I can create my <UL>
> tree?
>
> I'm going to keep reading into eZUser to find my answer, but
> if you know you'd help me alot!
>
> Thanks

What do you actually want to do ? 'Sections' are not related to URIs in ezp. So I wonder whether you want to display links to site access URI's, as they are defined in your site.ini. Note that in current ezp, you cannot directly assign site access URI's to sections.

Regards

Volker

Peter Bailey

Monday 03 March 2003 7:09:28 am

I see. Umm. Well, I have several groups of content all separated by SECTIONs, but if that won't work I need something that will allow me to:

Designate access to specific USER-GROUPs or ROLEs to specific content areas (folders, whatever) on the site. Preferably using ROLEs.

Using that information, build the NAV it mentioned directing the user to each "section"

How can I interface the data in the user's role for template building?

Peter Bailey

Monday 03 March 2003 7:09:28 am

I see. Umm. Well, I have several groups of content all separated by SECTIONs, but if that won't work I need something that will allow me to:

Designate access to specific USER-GROUPs or ROLEs to specific content areas (folders, whatever) on the site. Preferably using ROLEs.

Using that information, build the NAV it mentioned directing the user to each "section"

How can I interface the data in the user's role for template building?

Volker Lenz

Tuesday 04 March 2003 3:38:14 am

> I see. Umm. Well, I have several groups of content all
> separated by SECTIONs, but if that won't work I need
> something that will allow me to:
>
> Designate access to specific USER-GROUPs or ROLEs to
> specific content areas (folders, whatever) on the site.
> Preferably using ROLEs.
>
> Using that information, build the NAV it mentioned directing
> the user to each "section"
>
> How can I interface the data in the user's role for template
> building?

Ok, think I got it. In ezp3-rc2 you cannot assign contentobject authorization to users or groups or even roles. This is clearly a shortcoming in ezp3's current authorisation model and I have already issued a bunch of feature requests to the devs on that matter.

One possible workaround for this is the following one. However, I do not recommend to use it for the reasons I have outlined lateron.

--- Template based access check for content objects ------

After you have created different roles with "content read"-restrictions bound to sections, you can build a default content listing menu for a basic content node, where different subnodes of that node are bound to the distinct content-sections you have defined in your role-model. When you fetch that basic content node in your template as usual with the fetch()-function, in order to create, say a menu of article links, you may use the "can_read", "can_write", "can_edit" permission-control attributes of content objects to decide whether the current site visitor comes to see a content or not:

Use something like the following code to create your menu:
{let menucontents=fetch('content','tree',hash(parent_node_id,$your_basic_content_root_node_id,sort_by,$your_sorting_preference,depth,$your_preferred_tree_depth_to_fetch))}
{section name='Menu' loop=$menucontents}

{section show=$Menu:item.object.can_read}
... template code to display a content link for users who are allowed to read the content due to their section-role-setting ...
{section-else}
... possible template code to create a placeholder for a menuitem that the current user is not allowed to read
{/section}
{/section}
{/let}

However, this model of dynamic menu creation has two major disadvantages:

1. It is as slow as every complex template calculation is and becomes even slower with each additional content object to check permissions for. So if you intend to route dozens of articles through the template-oriented permission checker depicted above, your site visitors will easily loose their patience.

2. Template-oriented permission checking is likely to become weired once you activate template caching in order to boost the speed of ezp's rendering fetaure.
The caching of templates will not know which of the menus are designated to which user group, because the permission check IS NOT APPLIED OUTSIDE the template generation process. If it was, it could be applied as routine even before fetching cached templates.

With these two rather serious limitations in mind, I recommend that you do not follow that path of page design with dynamic menus that check access permissions in the course of template creation.

Instead, I recommend that you achieve a design that allows you to use as many STATIC templates as possible. In your situation, I would seperate the content for different users to different sections (as you already did) and then provide a distinct site access (say 'partner', 'client') with a distinct pagelayout for these site access zones and -- of course -- a require-login flag set in the site.ini-overrides for these zones. Once you users log in to a site access zone, they simply come to see all the content in the section bound to that zone in a static and caching-safe pagelayout_override.

Think about it.

Regards

Volker

Volker Lenz

Tuesday 04 March 2003 3:38:14 am

> I see. Umm. Well, I have several groups of content all
> separated by SECTIONs, but if that won't work I need
> something that will allow me to:
>
> Designate access to specific USER-GROUPs or ROLEs to
> specific content areas (folders, whatever) on the site.
> Preferably using ROLEs.
>
> Using that information, build the NAV it mentioned directing
> the user to each "section"
>
> How can I interface the data in the user's role for template
> building?

Ok, think I got it. In ezp3-rc2 you cannot assign contentobject authorization to users or groups or even roles. This is clearly a shortcoming in ezp3's current authorisation model and I have already issued a bunch of feature requests to the devs on that matter.

One possible workaround for this is the following one. However, I do not recommend to use it for the reasons I have outlined lateron.

--- Template based access check for content objects ------

After you have created different roles with "content read"-restrictions bound to sections, you can build a default content listing menu for a basic content node, where different subnodes of that node are bound to the distinct content-sections you have defined in your role-model. When you fetch that basic content node in your template as usual with the fetch()-function, in order to create, say a menu of article links, you may use the "can_read", "can_write", "can_edit" permission-control attributes of content objects to decide whether the current site visitor comes to see a content or not:

Use something like the following code to create your menu:
{let menucontents=fetch('content','tree',hash(parent_node_id,$your_basic_content_root_node_id,sort_by,$your_sorting_preference,depth,$your_preferred_tree_depth_to_fetch))}
{section name='Menu' loop=$menucontents}

{section show=$Menu:item.object.can_read}
... template code to display a content link for users who are allowed to read the content due to their section-role-setting ...
{section-else}
... possible template code to create a placeholder for a menuitem that the current user is not allowed to read
{/section}
{/section}
{/let}

However, this model of dynamic menu creation has two major disadvantages:

1. It is as slow as every complex template calculation is and becomes even slower with each additional content object to check permissions for. So if you intend to route dozens of articles through the template-oriented permission checker depicted above, your site visitors will easily loose their patience.

2. Template-oriented permission checking is likely to become weired once you activate template caching in order to boost the speed of ezp's rendering fetaure.
The caching of templates will not know which of the menus are designated to which user group, because the permission check IS NOT APPLIED OUTSIDE the template generation process. If it was, it could be applied as routine even before fetching cached templates.

With these two rather serious limitations in mind, I recommend that you do not follow that path of page design with dynamic menus that check access permissions in the course of template creation.

Instead, I recommend that you achieve a design that allows you to use as many STATIC templates as possible. In your situation, I would seperate the content for different users to different sections (as you already did) and then provide a distinct site access (say 'partner', 'client') with a distinct pagelayout for these site access zones and -- of course -- a require-login flag set in the site.ini-overrides for these zones. Once you users log in to a site access zone, they simply come to see all the content in the section bound to that zone in a static and caching-safe pagelayout_override.

Think about it.

Regards

Volker

Peter Bailey

Tuesday 04 March 2003 8:50:49 am

Volker

Thanks so much for the reply. You're right, based on the caching etc, doing the navigation this way won't work. I've become so accustomed to having the cachin off during the development I forgot about that effecting this.

Thank you very much for the example, just the same. It will help me learn the templating system better.

I only have 8-10 sections I am using for this, so doing them static for now is not a big deal.

Thanks again. If you ever need some serious javascript work done, I'm your man. =)

Peter Bailey

Tuesday 04 March 2003 8:50:49 am

Volker

Thanks so much for the reply. You're right, based on the caching etc, doing the navigation this way won't work. I've become so accustomed to having the cachin off during the development I forgot about that effecting this.

Thank you very much for the example, just the same. It will help me learn the templating system better.

I only have 8-10 sections I am using for this, so doing them static for now is not a big deal.

Thanks again. If you ever need some serious javascript work done, I'm your man. =)

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.