User Permissions - Limit Functionality

Author Message

Philip Redmon

Tuesday 20 July 2004 2:06:01 pm

I have a site that functions as a procurement-like database. Users are allowed to enter items in the custom Entry Class. However, some users need to be able to view the entire Entry Class including a cost attribute, and some users need to be able to NOT view this cost attribute.

The three different types of users are: Admin (all), Editor (View/Add/Edit/Delete Self, View all other's entries except cost attribute), User (View all entries except cost attribute).

I don't see how user roles can be used to allow this to happen. Any ideas?

Bruce Morrison

Tuesday 20 July 2004 6:49:19 pm

Hi

eZ Publish permissions work on objects and don't extend to object attributes. I believe that your only option in this case to to build the user checking into the Entry template.

This may shed some light on how to do this
http://ez.no/ez_publish/documentation/customization/tips_tricks/hiding_attribute_content

Cheers
Bruce http://www.designit.com.au/

My Blog: http://www.stuffandcontent.com/
Follow me on twitter: http://twitter.com/brucemorrison
Consolidated eZ Publish Feed : http://friendfeed.com/rooms/ez-publish

Philip Redmon

Thursday 12 August 2004 8:43:53 am

For any interested, I set up the solution by disallowing all users except admin to view two specific attributes (cost, costnotes) for this list view, and then created a user role to allow for "edit self".

So, if you are admin, you can view all attributes on a browse page, and are allowed to edit all files.

If you are an editor, you can view all attributes except two on a browse page, and are allowed to edit your own files and view the cost from the edit form.

If you are a generic user, you are only allowed to view attributes on the browse page and are not allowed to view the cost.

<table width=100% border=1 bordercolor=#660000 cellpadding=10 cellspacing=0>

{* Loop through all the entries. *}
{section name=collectionLoop loop=$collectionList}

<tr><td>
 
{section show=$:item.object.can_edit}
   <form method="post" action={"content/action/"|ezurl}>

   <input type="hidden" name="RedirectURI" value="{concat("/edit/",$:item.object.id,"/")}" />
   <input class="button" type="submit" name="EditButton" value="{'Edit'|i18n('design/standard/node/view')}" />

   <input class="button" type="submit" name="ActionRemove" value="{'Remove'|i18n('design/standard/node/view')}" />
   <input type="hidden" name="ContentNodeID" value="{$:item.node_id}" />

   </form>
{/section}
<br />

{* grab and show all attributes for this object *}
{default content_object=$node.object
         content_version=$node.contentobject_version_object
         node_name=$node.name}

{section name=Attribute loop=$:item.contentobject_version_object.contentobject_attributes}

{let user=fetch( 'user', 'current_user' )
                is_admin=$:user.groups|contains( 12 )
                is_self=$node.creator.id|contains($:user.contentobject_id)}

    {switch match=$:item.contentclass_attribute.identifier}

      {case match="cost"}
      {* only display cost if this is an administrator *}
        {section show=$:is_admin }
{* Display your attribute and attribute value *}
{$:item.contentclass_attribute.name}
:{attribute_view_gui attribute=$:item}
        {/section}
      {/case}

      {case match="costnotes"}
      {* only display costnotes if this is an administrator *}
        {section show=$:is_admin}
{* Display your attribute and attribute value *}
{$:item.contentclass_attribute.name}
:{attribute_view_gui attribute=$:item}
        {/section}
      {/case}

      {case}
      {* default, display as normal *}
{* Display your attribute and attribute value *}
{$:item.contentclass_attribute.name}
:{attribute_view_gui attribute=$:item}
      {/case}
    {/switch}
    {/let}
    {/section}
    {/default}

{* End Loop through all entries *}
{/section}
</table>

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.