In the ACL menu, there is "Selected and sub nodes", "Sub nodes", I
think the menu lacks the "Selected node" option doesn't it ?
We cannot do that because a Page in a website or a Document in a dms
is a collection of nodes, all paragraphs of a single page are
attached to it
in a same hierarchy so if you "Allow /features" this would mean allow
node features but not the paragraphs under this and would mean
something else
for another workspace like DMS.
In future we might add customized Access control for each workspace
or based on the node types.
Or how else could I do to not let the user the right to read the
other folders ?
you need to deny these folders including sub
As an example if you have an hierarchy like
home (page)
- en (page)
- index (page)
- a (page)
- par1 (paragraph)
- par2 (paragraph)
- aSub (page)
- par1....
- b (page)
- fr
- ...
and you need to allow page "a" but not "aSub"
READ/WRITE - /a "selected and sub nodes" (this will make
sure that you have access to page a, its paragraphs and sub pages)
DENY - /a/aSub "selected and sub nodes" (you are still
able to read and write page "a" and paragraphs but not page "aSub")
Since you could create handlers for any dialog you can override and
add ACL entries to roles as you like, in repository its a simple pattern
/a "selected and sub nodes" is stored as 2 entries
1. /a
2. /a/*
you could manipulate as you like.
Cheers
- Sameer
On Jun 23, 2006, at 10:40 AM, Anthony Ogier wrote:
I have the same version of magnolia as George, and I would like
that new user to access only Documents/demo-docs, and not the other
folders under /.
How do I configure the ACLs ?
I've tried to allow Read/Write for /demo-docs and sub nodes, but
then, the user can't see anything because
"info.magnolia.cms.security.AccessDeniedException: User not allowed
to Read path [/]".
Then I allow Read on / sub nodes, but the user can now see the
folders /openwfe and /magnolia, and their respective documents (but
not their sub-folders anyway).
In the ACL menu, there is "Selected and sub nodes", "Sub nodes", I
think the menu lacks the "Selected node" option doesn't it ?
Or how else could I do to not let the user the right to read the
other folders ?
Thanks,
Anthony
Sameer Charles a écrit :
Sorry, giving permissions only to menu items wont work because
admin central uses Virtual URI redirects.
currently you need to give read only permissions on the website
repository in order to access admin central which is indeed a bug.
I will add a JIRA task addressing this issue.
Thanks
- Sameer
On Jun 23, 2006, at 10:22 AM, Sameer Charles wrote:
Hi George,
when you give permissions for the specific path "Documents/demo-
docs" you can access that with those rights.
so in your case you can access Documents/demo-docs/anyDocument..
If you want this Role to access admin central you need to give
appropriate permissions, check how its defined for user
"superuser" and "developer" . This role
must have read permissions on the menu items of admin central
which are defined under config/modules/admin...
Regards,
- Sameer
----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/magnolia/developer.html
----------------------------------------------------------------
