= Simple Perm Module =
Introduction
The Simple Permission module lets you restrict read access to certain collections/pages to certain people. It doesn't do more than that, meaning everyone with an admin account can still edit everything. On the other hand, it's really easy to set up and quite fast.
Basic Concept of Simple Perm
With Simple Perm you can define which collections are viewable by which users. By default all pages are viewable by everyone (including users who are not logged in). You can assign users to groups and then specify which collections are viewable only by certain groups. How many groups you want is your choice; Simple Perm has only 2 predefined groups, admin and everyone.
Let's take a basic example:
We have the following site:
/root
-/everyone
-/partners
-/clients
-/companynews
- root and /everyone should be viewable by everyone
- /partners only by people in the group partners (and admins)
- /clients only by people in the group clients (and admins)
- /companynews by people in the groups clients, partners and admins
Simple Perm uses bit-or-ed group ids to decide who is allowed to do what. This makes the comparison quite fast, and it means a user can belong to more than one group and a collection can be viewed by more than one group. For this to work, we first have to give ids to our groups. admin and everyone are predefined, the rest is your choice. Let's make the following assumptions:
admin 1 (2^0) (predefined)
everyone 2 (2^1) (predefined)
partners 4 (2^2)
clients 8 (2^3)
Now you have to assign those ids to your users:
admin gid 15 (1 | 4 | 8, he belongs to every group)
partner1 gid 4 (he is just a partner)
client1 gid 8 (he is just a client)
partnerAndClient gid 12 (4 | 8, he is a partner and a client)
You can assign them the gid 2 as well, if you want, but that's not necessary.
Now we do the same for the collections. Go into the admin, select "Edit in properties", then the "permission" tab, and fill the following into the read field:
/root (nothing here; you could add 2, but if nothing's there, it's viewable by everyone)
-/everyone (same as above)
-/partners 4 (everyone in the group partners or admin can view it)
-/clients 8 (everyone in the group client can view it)
-/companynews 12 (everyone in the group client or partner can view it)
If you have subcollections and don't assign them anything, they inherit the value of the parent collection (or the grandparent, and so on, until a value is found or we reach root).
That's it.
Admin Access
Everyone in the group admin can log into the admin interface. There's no distinction there, so everyone in the admin group can see and edit everything.
The read_navi action
Besides the read action, there's also a read_navi action. If a group has read_navi rights, the collection will show up in the navigation; but if the group doesn't have read rights and a user clicks on that collection, a login screen will show up instead of the actual content.
If a group has read action rights, it automatically also has read_navi action rights.
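The read and read_navi checks described above, including inheritance from parent collections, can be modelled in a few lines. This is an added example and not BxCMS code. Assumptions: "/" stands for the root collection, a visitor who is not logged in has gid 0, every visitor counts as a member of everyone, the admin bit always passes, read_navi inherits the same way as read, and the /partners/contracts subcollection and the read_navi value on /companynews are constructed.

```python
# Added illustration: a model of the scheme on this page, not BxCMS code.
ADMIN, EVERYONE, PARTNERS, CLIENTS = 1, 2, 4, 8  # group ids from the page
ANONYMOUS = 0  # assumption: a visitor who is not logged in has no group bits

# path -> fields that were filled in; a missing key means the field is empty.
# "/" stands for the root collection.
COLLECTIONS = {
    "/": {},
    "/everyone": {},
    "/partners": {"read": PARTNERS},
    "/clients": {"read": CLIENTS},
    # read value from the page; the read_navi value is constructed
    "/companynews": {"read": PARTNERS | CLIENTS, "read_navi": EVERYONE},
    "/partners/contracts": {},  # constructed subcollection
}
USERS = {"admin": 15, "partner1": 4, "client1": 8, "partnerAndClient": 12}


def effective_mask(path, action):
    """Walk up from path towards root until some collection sets a value."""
    while True:
        mask = COLLECTIONS.get(path, {}).get(action)
        if mask is not None:
            return mask
        if path == "/":
            return None  # nothing set anywhere: unrestricted
        path = path.rsplit("/", 1)[0] or "/"


def _allowed(gid, mask):
    if mask is None:
        return True
    # Assumptions: everybody is in "everyone"; the admin bit always passes.
    return bool((gid | EVERYONE) & (mask | ADMIN))


def can_read(gid, path):
    return _allowed(gid, effective_mask(path, "read"))


def shows_in_navi(gid, path):
    # read rights imply read_navi rights
    if can_read(gid, path):
        return True
    navi = effective_mask(path, "read_navi")
    return navi is not None and _allowed(gid, navi)
```

A collection for which `shows_in_navi` is true but `can_read` is false is the case where the visitor sees the navigation entry and gets the login screen on clicking it.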
Setup
The Simple Perm Module is not enabled by default.
If you checked out BxCMS after Revision 3770 (28 March 2005), setting it up is quite easy.
- Uncomment the <permm> section in conf/config.xml (under <connections>)
- Uncomment <property id="read"/> and <property id="read_navi"/> in conf/properties/properties.xml (under <propertyset name="collection">)
- Uncomment <bxco:field name="user_gid" type="text" descr="Group ID"></bxco:field> in forms/users/config.xml
That's it. Now you have to assign group ids to the users and give restrictions to the collections, as explained above.
How to use it in templates
How to do a login form
See themes/standard/pagenotallowed.xsl for an example.
Display if someone is logged in
<xsl:variable name="username"><xsl:value-of
select="php:functionString('bx_helpers_perm::getUsername')"/></xsl:variable>
<xsl:choose>
<xsl:when test="$username != ''">
you're logged in as <xsl:value-of select="$username"/>.
</xsl:when>
<xsl:otherwise>
You're not logged in
</xsl:otherwise>
</xsl:choose>
Logout link
<a href="/admin/?logout&amp;back={php:functionString('bx_helpers_uri::getRequestUri')}">Logout</a>
To use a logout link in the navigation (which is a collection in the background), enter the following in the relink field of the relevant properties:
That forwards the user back to the start page when the logout is done.
Upgrading from before rev 3770
If you started with BxCMS before 3770, you have to update your sources (of course) and maybe also change some other stuff. I won't go into details here; just ask on the mailing list if you're stuck with it (it's mainly copying the sitemap from install/dist/sitemap/sitemap.xml and adding user_gid to the users table). And no worries about updating your sources: BxCMS will behave exactly the same as before 3770 (and shouldn't be slower, as it skips almost all perm stuff if no permission module is configured).