Forums / Developer / How to restrict/redirect certain object views ?

How to restrict/redirect certain object views ?

« 
Previous topic
|
Developer
|
Next topic
 »
Author Message

H-Works Agency

Wednesday 03 September 2008 3:17:16 am

Hello,

I want to disallow anonymous users from reading certains object classes in view full.

How can this be done ?

For example users could read 'articles' in view 'line' but not in view 'full'.

Thanx in advance.

EZP is Great

Gabriel Finkelstein

Thursday 04 September 2008 3:29:45 pm

You can always do:

{if [has_access]}
[content]
{else}
You're not allowed bla bla bla.
{/if}

In [has_access] you check if the user has a certain role.
It's not nice, but it works.

Maxime Thomas

Thursday 04 December 2008 10:00:41 pm

Hi,

You can also set some restriction on policy like only editors can read articles.
To make articles appear in the result of a fetch for exemple, you just have to add the limitation parameter with an empty array :

http://ez.no/doc/ez_publish/technical_manual/4_0/reference/modules/content/fetch_functions/list

By this you don't have to put a message.

Max

Maxime Thomas
maxime.thomas@wascou.org | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

André R.

Friday 05 December 2008 12:37:44 am

By this you don't have to put a message.

And you don't have to implement access rules in templates witch are ugly and insecure by design.
For instance: If one of your readers knows a few things about eZ Publish he can try to guess for other views you might have beside full and line, he needs to know the node id as well but not something that is to hard in a default ez install. It's even worse if templates decide on edit/delete access..

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom