Adding custom security policy limitations to your modules

Tuesday 25 May 2010 7:45:00 am - 6 replies


Introduction

This tutorial will show you how to deal with custom security policy limitations for your modules. Once read, you will be able to fully take advantage of the granularity in eZ Publish's security and access control system.


Carlos Revillo

Tuesday 25 May 2010 10:27:23 am

Wonderful tutorial!

André R.

Tuesday 25 May 2010 1:34:35 pm

Great article!

But I didn't get the eZJSCore example; the whole point of hasAccessToLimitation() is to not have to deal with limitations yourself. Without limitations you can just as well use "$user->hasAccessTo( $module, $function )" and "fetch( 'user', 'has_access_to', ... )".

phpdoc (1.1 and up):

    /**
     * Check access to a specific module/function with limitation values.
     * See eZ Publish documentation on more info on module, function and
     * limitation values. Example: a user can have content/read permissions
     * but it can be limited to a specific limitation like a section, a node
     * or node tree. 1.x limitation: returns false if one of provided values
     * don't match but ignores limitations not specified in $limitations.
     *
     * @param string $module
     * @param string $function
     * @param array|null $limitations A hash of limitation keys and values
     * @param bool Lets you get some additional debug information if set to true, useful while developing.
     * @return bool
     */
    public static function hasAccessToLimitation( $module, $function, $limitations = null, $debug = false )

http://svn.projects.ez.no/ezjscore/trunk/packages/ezjscore_extension/ezextension/ezjscore/autoloads/ezjscaccesstemplatefunctions.php

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

Gaetano Giunta

Friday 28 May 2010 12:23:28 am

Great tutorial!

One thing that is not universally known: you can set up a set of policies of which at least one has to be matched to give access to a view, as well as defining a set of policies all of which have to be matched:

$ViewList = array(
    'at_least_one' => array(
        'functions' => array( 'func1 or func2' ) ),
    'both' => array(
        'functions' => array( 'func1', 'func2' ) ) );

$FunctionList = array(
    'func1' => array(),
    'func2' => array(),
);

Principal Consultant International Business
Member of the Community Project Board
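
The two view definitions from the post above, evaluated against constructed users, to show how 'func1 or func2' admits a user who holds only one of the policy functions while the two-entry form does not. This is an added example, not part of the original post and not eZ Publish kernel code: viewAllowed() and the $users table are hypothetical, and the function only models the semantics the post describes.

```php
<?php
// View definitions copied from the post above.
$ViewList = array(
    'at_least_one' => array( 'functions' => array( 'func1 or func2' ) ),
    'both'         => array( 'functions' => array( 'func1', 'func2' ) ),
);

/**
 * Hypothetical helper modelling the semantics described in the post:
 * every entry in 'functions' must be satisfied (AND); inside one entry,
 * names separated by " or " are alternatives (OR).
 */
function viewAllowed( array $viewList, $view, array $granted )
{
    // Unknown view, or a view without a 'functions' list: deny in this model.
    if ( !isset( $viewList[$view]['functions'] ) )
        return false;

    foreach ( $viewList[$view]['functions'] as $entry )
    {
        $alternatives = array_map( 'trim', explode( ' or ', $entry ) );
        // No granted function matches any alternative of this entry: deny.
        if ( count( array_intersect( $alternatives, $granted ) ) === 0 )
            return false;
    }
    return true;
}

// Constructed sample: policy functions each user's roles grant on the module.
$users = array(
    'editor'    => array( 'func1' ),
    'admin'     => array( 'func1', 'func2' ),
    'anonymous' => array(),
);

foreach ( $users as $name => $granted )
{
    foreach ( array_keys( $ViewList ) as $view )
    {
        printf( "%-9s %-12s %s\n", $name, $view,
                viewAllowed( $ViewList, $view, $granted ) ? 'allow' : 'deny' );
    }
}
```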

H-Works Agency

Wednesday 24 November 2010 2:57:03 am

Very valuable tut.

But is there a way to implement access control for a whole module without having to insert hasAccessTo in every view?

Thanks in advance

EZP is Great

Jérôme Vieilledent

Wednesday 24 November 2010 5:22:57 am

If you want to implement the finest granularity of the access control, I guess not. You really need to check the limitations access in every view.

H-Works Agency

Wednesday 24 November 2010 6:00:47 am

OK, great Jérôme, thanks a lot.

EZP is Great
