Re: [magnolia-user] logging with a newly created user

Fri, 23 Jun 2006 03:37:28 -0700

Okay, so with the default documents and hierarchy bundled with magnolia, if I want to access to /demo-docs, but deny all others, I must deny all others one by one : 
Read/Write    Selected and sub nodes      /demo-docs
Read only     Selected and sub nodes      /
Deny access   Selected and sub nodes      /magnolia
Deny access   Selected and sub nodes      /openwfe
(it works like that... but well, each time I add a new folder, I must remember to deny it from this role...) 

I've tried that :
Read only     Selected and sub nodes      /
Deny access   Sub nodes                   /
Read/Write    Selected and sub nodes      /demo-docs


But when I save it, and then re-edit the role, it seems like it doesn't 
save the option "Sub nodes" for '/', because the page shows :

Read only     Selected and sub nodes      /
Deny access   Selected and sub nodes      /
Read/Write    Selected and sub nodes      /demo-docs

Any suggestion ?
Thanks,
   Anthony


Sameer Charles a écrit :

In the ACL menu, there is "Selected and sub nodes", "Sub nodes", I 
think the menu lacks the "Selected node" option doesn't it ?



We cannot do that because a Page in a website or a Document in a dms 
is a collection of nodes, all paragraphs of a single page are attached 
to it
in a same hierarchy so if you "Allow /features" this would mean allow 
node features but not the paragraphs under this and would mean 
something else

for another workspace like DMS.


In future we might add customized Access control for each workspace or 
based on the node types.



Or how else could I do to not let the user the right to read the 
other folders ?


you need to deny these folders including sub


As an example if you have an hierarchy like

home (page)
    - en (page)
        - index (page)
            - a (page)
                - par1 (paragraph)
                - par2 (paragraph)
                - aSub (page)
                    - par1....
            - b (page)
    - fr
        - ...

and you need to allow page "a" but not "aSub"


READ/WRITE - /a            "selected and sub nodes"  (this will make 
sure that you have access to page a, its paragraphs and sub pages)
DENY               - /a/aSub "selected and sub nodes"  (you are still 
able to read and write page "a" and paragraphs but not page "aSub")




Since you could create handlers for any dialog you can override and 
add ACL entries to roles as you like, in repository its a simple pattern

/a            "selected and sub nodes" is stored as 2 entries

1. /a
2. /a/*

you could manipulate as you like.


Cheers
- Sameer







On Jun 23, 2006, at 10:40 AM, Anthony Ogier wrote:


I have the same version of magnolia as George, and I would like that 
new user to access only Documents/demo-docs, and not the other 
folders under /.

How do I configure the ACLs ?

I've tried to allow Read/Write for /demo-docs and sub nodes, but 
then, the user can't see anything because 
"info.magnolia.cms.security.AccessDeniedException: User not allowed 
to Read path [/]".
Then I allow Read on / sub nodes, but the user can now see the 
folders /openwfe and /magnolia, and their respective documents (but 
not their sub-folders anyway).
In the ACL menu, there is "Selected and sub nodes", "Sub nodes", I 
think the menu lacks the "Selected node" option doesn't it ?
Or how else could I do to not let the user the right to read the 
other folders ?


Thanks,
   Anthony

Sameer Charles a écrit :

Sorry, giving permissions only to menu items wont work because admin 
central uses Virtual URI redirects.
currently you need to give read only permissions on the website 
repository in order to access admin central which is indeed a bug.


I will add a JIRA task addressing this issue.

Thanks
- Sameer




On Jun 23, 2006, at 10:22 AM, Sameer Charles wrote:


Hi George,


when you give permissions for the specific path 
"Documents/demo-docs" you can access that with those rights.

so in your case you can access Documents/demo-docs/anyDocument..


If you want this Role to access admin central you need to give 
appropriate permissions, check how its defined for user "superuser" 
and "developer" . This role
must have read permissions on the menu items of admin central which 
are defined under config/modules/admin...


Regards,
- Sameer



----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/magnolia/developer.html
----------------------------------------------------------------



----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/magnolia/developer.html
----------------------------------------------------------------














    











					Reply via email to