Forums / Developer / Multilingual site: adding additional policy restrictions

Multilingual site: adding additional policy restrictions

« 
Previous topic
|
Developer
|
Next topic
 »
Author Message

Sebastiaan van der Vliet

Thursday 07 May 2009 8:26:46 am

Hi,

I'm running two languages (siteaccesses) on a single ezp installation, single database, same set of templates. I want editors for both languages to be able to see the content in the other language, but not able to change 'anything'. I have set up two user groups, one for each language.

Unlike content/edit, the following functions: restore, cleantrash, remove and manage_locations, hide, move and versionread do not have the option to restrict access by used language. In my opinion this is a 'security' risk, and I would like to correct this.

The obvious place to start is the kernel/content/module.php file, by changing lines like:

$FunctionList['cleantrash'] = array();

to

$FunctionList['cleantrash'] = array('Language' => $Language);

Can someone point out the other kernel files that would need to be modified to further restrict access by language?

Certified eZ publish developer with over 9 years of eZ publish experience. Available for challenging eZ publish projects as a technical consultant, project manager, trouble shooter or strategic advisor.

Sebastiaan van der Vliet

Tuesday 12 May 2009 4:49:16 am

For example, in a multilingual setup problems may arise with the 'hide' functionality. I don't want editors in one language to be able to hide items that have a translation in another language. So I want to restrict the ability to hide thing by language: only allow hiding items if there are no translations:

In kernel/content/module.php:

$FunctionList['hide'] = array( 'Subtree' => $Subtree,'Language' => $Language );

in kernel/content/hide.php

$curNode = eZContentObjectTreeNode::fetch( $NodeID );

//start hack
$obj = $curNode->object();
$availableLanguages = $obj->availableLanguages();
foreach ($availableLanguages as $availableLanguage)
{
	$moduleAccessAllowed = $obj->checkAccess( 'hide', false, false, false, $availableLanguage );
	if (!$moduleAccessAllowed)
		return $Module->handleError( eZError::KERNEL_ACCESS_DENIED, 'kernel' );
}
//end hack

Probably better if it goes to a page explaining the restriction, rather than serving a page with 'access denied'.

And yes, I know. Don't touch the kernel.

Certified eZ publish developer with over 9 years of eZ publish experience. Available for challenging eZ publish projects as a technical consultant, project manager, trouble shooter or strategic advisor.

eZ debug

Timing: Jan 19 2025 23:52:47
Script start
Timing: Jan 19 2025 23:52:47
Module start 'content'
Timing: Jan 19 2025 23:52:47
Module end 'content'
Timing: Jan 19 2025 23:52:47
Script end

Main resources:

Total runtime0.1397 sec
Peak memory usage2,048.0000 KB
Database Queries141

Timing points:

CheckpointStart (sec)Duration (sec)Memory at start (KB)Memory used (KB)
Script start 0.00000.0064 589.1953180.8125
Module start 'content' 0.00640.0042 770.007894.0078
Module end 'content' 0.01060.1290 864.0156522.9219
Script end 0.1396  1,386.9375 

Time accumulators:

 Accumulator Duration (sec) Duration (%) Count Average (sec)
Ini load
Load cache0.00332.3967200.0002
Check MTime0.00141.0103200.0001
Mysql Total
Database connection0.00090.658810.0009
Mysqli_queries0.100672.03931410.0007
Looping result0.00110.81361390.0000
Template Total0.128792.110.1287
Template load0.00100.686610.0010
Template processing0.127791.446510.1277
Override
Cache load0.00070.490410.0007
Sytem overhead
Fetch class attribute can translate value0.00070.534810.0007
XML
Image XML parsing0.00020.141710.0002
General
dbfile0.00271.9681200.0001
String conversion0.00000.004830.0000
Note: percentages do not add up to 100% because some accumulators overlap

CSS/JS files loaded with "ezjscPacker" during request:

CacheTypePacklevelSourceFiles
CSS0extension/community/design/community/stylesheets/ext/jquery.autocomplete.css
extension/community_design/design/suncana/stylesheets/scrollbars.css
extension/community_design/design/suncana/stylesheets/tabs.css
extension/community_design/design/suncana/stylesheets/roadmap.css
extension/community_design/design/suncana/stylesheets/content.css
extension/community_design/design/suncana/stylesheets/star-rating.css
extension/community_design/design/suncana/stylesheets/syntax_and_custom_tags.css
extension/community_design/design/suncana/stylesheets/buttons.css
extension/community_design/design/suncana/stylesheets/tweetbox.css
extension/community_design/design/suncana/stylesheets/jquery.fancybox-1.3.4.css
extension/bcsmoothgallery/design/standard/stylesheets/magnific-popup.css
extension/sevenx/design/simple/stylesheets/star_rating.css
extension/sevenx/design/simple/stylesheets/libs/fontawesome/css/all.min.css
extension/sevenx/design/simple/stylesheets/main.v02.css
extension/sevenx/design/simple/stylesheets/main.v02.res.css
JS0extension/ezjscore/design/standard/lib/yui/3.17.2/build/yui/yui-min.js
extension/ezjscore/design/standard/javascript/jquery-3.7.0.min.js
extension/community_design/design/suncana/javascript/jquery.ui.core.min.js
extension/community_design/design/suncana/javascript/jquery.ui.widget.min.js
extension/community_design/design/suncana/javascript/jquery.easing.1.3.js
extension/community_design/design/suncana/javascript/jquery.ui.tabs.js
extension/community_design/design/suncana/javascript/jquery.hoverIntent.min.js
extension/community_design/design/suncana/javascript/jquery.popmenu.js
extension/community_design/design/suncana/javascript/jScrollPane.js
extension/community_design/design/suncana/javascript/jquery.mousewheel.js
extension/community_design/design/suncana/javascript/jquery.cycle.all.js
extension/sevenx/design/simple/javascript/jquery.scrollTo.js
extension/community_design/design/suncana/javascript/jquery.cookie.js
extension/community_design/design/suncana/javascript/ezstarrating_jquery.js
extension/community_design/design/suncana/javascript/jquery.initboxes.js
extension/community_design/design/suncana/javascript/app.js
extension/community_design/design/suncana/javascript/twitterwidget.js
extension/community_design/design/suncana/javascript/community.js
extension/community_design/design/suncana/javascript/roadmap.js
extension/community_design/design/suncana/javascript/ez.js
extension/community_design/design/suncana/javascript/ezshareevents.js
extension/sevenx/design/simple/javascript/main.js

Templates used to render the page:

UsageRequested templateTemplateTemplate loadedEditOverride
1pagelayout.tpl<No override>extension/sevenx/design/simple/templates/pagelayout.tplEdit templateOverride template
 Number of times templates used: 1
 Number of unique templates used: 1

Time used to render debug report: 0.0001 secs