Installation
- Go to WEBROOT/admin/webinc/install/matrix/index.php in your browser to install the matrix permission system.
- To complete the installation add a collection permissions and add the system groups 'anonymous' and 'authenticated' as stated.
- Per default no permissions are granted. Therefore you must give some basic permissions before activating matrix:
- Administrator (e.g. authenticated)
- Permissions WEBROOT/admin/edit/permissions//permissions/
- Edit Permissions
- Access admin section
- Visitor (anonymous)
- Home WEBROOT/admin/edit/permissions//
- Read collection
- Show in navigation
- To activate matrix uncomment the permm section in your conf/config.xml file and fill in 'matrix' as type for the permModule.
- The matrix permission system is ready to use now.
Groups
The system defines two default roles: 'anonymous' includes everyone, 'authenticated' includes every user who is logged in. No users have to be added to these system groups! More groups can be added freely. The user assignment is done through the dbforms2 in the permissions collection.
Plugins
Permissions are granted on plugin base. Each plugin defines the method getPermissionList() which returns an array of supported permissions. If an empty array is returned no permission editor will be shown for the plugin. Note that the identifiers used must be defined in the i18n language files in the admin/lang/ directory.
Inherit permissions
Instead of assiging individual permissions all of a plugin's permission requests can be redirected to its parent (except the root collection of course). This can be done by checking the inherit flag. In order to work the parent must have the same plugin registered as well. If needed permissions can be redirected over multiple instances.
Moving a collection
To move a collection three permissions are needed. The source collection needs permissions to copy and delete resources. Further the user needs permission to create resources in the destination collection. Notice that the inherit flags will not be copied because this could cause trouble if the destination collection doesn't have the same plugins registered.
Special cases
- The collection plugin is a virtual plugin that is automatically added to every collection's plugin list
- Permissions for dbforms2 are granted globally and are not bound to a url. Every plugin may add dbforms2 permissions to its permission list.
- All queries for blog's virtual sub folders will be redirected to the blog base direcotry /blog/
- The same goes for the files plugin because its subfolders are no real collections. Except for the _galleries subfolder which is managed by the gallery plugin.
- The permissions plugin is a pool for special permissions like the matrix system itself, site options and the user management.
Caching
The permissions for read and read_navi actions (used in the frontend) are being cached in the user's session to accelerate site access. The cache is erased when the session is closed or the user logs out.
Implementation
bx_permm_perm_matrix
Implemente the method isAllowed() which is invokated by bx_permm to check permissions.
bx_editors_permissions
Generates to edtitor view to modify a collection's permissions.
bx_plugins_permissions
Defines the list of available permissions for the permissions plugin.
Plugin Reference
Permissions Plugin
- Edit permissions
- Edit users
- Edit groups
- Access admin section
- Site options
- Download themes
Collection Plugin
- Read collection
- Show in navigation
- Edit properties
- Edit .configxml
- Create resources
- Delete resources
- Copy resources
- Edit resources in File
XHTML Plugin
- Edit in BXE
- Edit in FCKeditor
- Edit in Kupu
- Edit in Oneform
Blog Plugin
- Post blog entries
- Edit blog options
- Edit files
- Edit gallery
- Edit links
- Edit categories
- Edit private feed
- Edit blog comments
Gallery Plugin
- Edit in Image
- Show gallery
Newsletter Plugin
- Create newsletter from feed
- Send newsletter
- View newsletter archive
- View newsletter subscribers
- Edit feeds
- Edit senders
- Edit groups
- Edit users
- Edit mailservers
Add Comment