Security policy for user settings?

Kevin Gaudin

Wednesday 12 November 2008 1:11:54 am

Hello,

I'm trying to set up a specific group of users which are allowed to manage users and groups and nothing else (eZ Pub. v 4.0.0).

I'm using the following policies:

content / create / Subtree( Users ) , Class( User ) , Section( Users ) , ParentClass( User group )
content / create / Subtree( Users ) , Class( User group ) , Section( Users )
content / edit / Subtree( Users ) , Class( User group , User ) , Section( Users )
content / read / Subtree( Users ) , Section( Users )
content / move / No limitations
content / manage_locations / Subtree( Users ) , Class( User ) , Section( Users )
content / remove / Subtree( Users ) , Class( User group , User ) , Section( Users )
user / login / SiteAccess( admin , fr , en )

I can log in to the backoffice, create/edit/move users, but can't go to the users settings form... this might not be a real problem as the only possible action in this form is to activate/deactivate the account, but can anyone tell me what security policy has to be set up to authorize access to this form?

Twitter: @kevingaudin

Kristof Coomans

Monday 17 November 2008 6:35:29 am

Hi Kevin

You need to use the policy user/preferences. Note however this policy does not respect any limitations, so it will allow access to any user's settings (activate/deactivate).

See http://ez.no/doc/ez_publish/technical_manual/4_0/reference/modules/user/views/setting and http://ez.no/doc/ez_publish/technical_manual/4_0/reference/modules/user/views/preferences

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org
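An added example, not part of either post and not eZ Publish code: a small Python audit of the role listing from the question, with the `user/preferences` policy from the reply appended, that reports which policies are not confined to the Users subtree. `parse_policy`, `audit` and `IGNORES_LIMITATIONS` are hypothetical names, and the set encodes only what the reply states about `user/preferences`.

```python
import re

# Role listing copied from the question; the last line is the policy the
# reply says must be added (its "No limitations" text is constructed).
ROLE = """\
content / create / Subtree( Users ) , Class( User ) , Section( Users ) , ParentClass( User group )
content / create / Subtree( Users ) , Class( User group ) , Section( Users )
content / edit / Subtree( Users ) , Class( User group , User ) , Section( Users )
content / read / Subtree( Users ) , Section( Users )
content / move / No limitations
content / manage_locations / Subtree( Users ) , Class( User ) , Section( Users )
content / remove / Subtree( Users ) , Class( User group , User ) , Section( Users )
user / login / SiteAccess( admin , fr , en )
user / preferences / No limitations
"""

# Assumption taken from the reply: limitations on this policy are not respected.
IGNORES_LIMITATIONS = {("user", "preferences")}

# Matches one "Name( value , value )" limitation in the listing format above.
LIMITATION = re.compile(r"(\w+)\(\s*([^)]*?)\s*\)")

def parse_policy(line):
    """Split 'module / function / limitations' into its three parts."""
    module, function, rest = (part.strip() for part in line.split("/", 2))
    limits = {name: [v.strip() for v in values.split(",")]
              for name, values in LIMITATION.findall(rest)}
    return module, function, limits

def audit(role_text, subtree="Users"):
    """Return (module, function, reason) for every policy that is not scoped."""
    findings = []
    for line in filter(None, map(str.strip, role_text.splitlines())):
        module, function, limits = parse_policy(line)
        if (module, function) in IGNORES_LIMITATIONS:
            findings.append((module, function, "limitations not enforced"))
        elif not limits:
            findings.append((module, function, "no limitations"))
        elif module == "content" and subtree not in limits.get("Subtree", []):
            findings.append((module, function, "not confined to subtree"))
    return findings

if __name__ == "__main__":
    for module, function, reason in audit(ROLE):
        print(f"{module}/{function}: {reason}")
```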