Forums / Setup & design / Create Protected Area

Create Protected Area

Author Message

cubby cub

Monday 24 August 2009 3:06:25 am

I followed the instructions here...

http://ez.no/doc/ez_publish/user_manual/4_0/daily_tasks/creating_a_protected_area

My problem is, I want to protect an area that was already created. When I did a fresh install, the Partners area was protected by default.

Now, after playing around a bit, my Partners area is no longer protected.

What are the steps to protect a folder that already exists?

Thanks

Aang: Just like the legend says, we let love lead the way.

Heath

Monday 24 August 2009 4:34:14 am

1. Verify / Assign a section to a content tree node using the admin, /section/list

2. Verify / Configure anonymous and partner role policies using the admin, /role/list

3. Remember to clear all cache via admin to see your changes.

I think that you may have in making your changes to content ... inadvertently changed the section applied to your existing content tree nodes. I've done this myself just last year while playing around with a new release for fun.

Cheers,
Heath

Brookins Consulting | http://brookinsconsulting.com/
Certified | http://auth.ez.no/certification/verify/380350
Solutions | http://projects.ez.no/users/community/brookins_consulting
eZpedia community documentation project | http://ezpedia.org

cubby cub

Monday 24 August 2009 4:45:59 am

UGH!

thanks. ok, i'm going to go back to the manual and try to reread so that i can understand all of these terms.

i'm really confused on the node, section concept and maybe after i get that down, i can understand what's going on in the admin panel.

thanks again.

Aang: Just like the legend says, we let love lead the way.

cubby cub

Monday 24 August 2009 8:16:00 am

hi,

i need some screen shots. do any of the tutorials contain them? this would be soooooooooooo helpful!

can some really nice person post some screen shots of how to make an already created area protected?

thanks

Aang: Just like the legend says, we let love lead the way.

cubby cub

Monday 24 August 2009 8:34:17 am

The partner restriction stopped either after i changed the priorities, renamed a folder or after i did the following...

Under Content Structure - Partners Folder - Preview - Details

I saw the following...
Creator Created Section Versions Translations Node ID Object ID
me 01/10/2007 06:27 am Restricted 4 1 107 105

I wanted another area to be restricted so I navigated to that folder using the same process above so that i ended up here...

/ez_publish/index.php?/super_admin_interface/section/edit/1

once there, i TYPED in "Restricted."

I can't remember what was in the field before I typed "Restricted."

now I have TWO "restricted" designations under...

ez_publish/index.php?/super_admin_interface/section/list ...

section Design 5
section Media 3
section Restricted 1
section Restricted 6
section Setup 4
section Users 2

i'm only supposed to have one right? also now, all of the main folders under content structure are listed as "restricted". this isn't the default correct?

Aang: Just like the legend says, we let love lead the way.

André R.

Monday 24 August 2009 8:41:44 am

Section 1 is "Standard", as in normal content.

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

cubby cub

Monday 24 August 2009 9:06:01 am

THANK YOU!

I have one more question, can a Section be assigned to multiple Subtrees?

Say I want the default Getting Started, Support and Company folders/subtrees to be protected. Can I assign each of these to the Restricted section? Or do I need to create a unique "Restricted" section for each one so that I actually end up with 3 "Restricted" sections?

Aang: Just like the legend says, we let love lead the way.

André R.

Monday 24 August 2009 9:40:39 am

You can assign a section to as many nodes/ subtrees you want, they are one to many relation. If you need many to many relation, then have a look at "States" witch is new in 4.1 (see recent article on it). But states are more object centric, so you can't assign it to subtrees of nodes.

EDIT: Sorry for assuming you know the difference between node and object, in short: nodes are the placement of the object*. So a object can have several placments. NB: but even though you apply section to nodes in admin, they are actually on the object, so you can't have different sections of the different nodes (placements) of the object. (But wouldn't make sens to restrict access to it on one location and give full access to it on another location though..)

* http://ez.no/doc/ez_publish/technical_manual/4_x/concepts_and_basics/content_management/the_content_node_tree

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

cubby cub

Monday 24 August 2009 10:25:10 am

Ok, I think I figured this out. Am going to post what I did for future reference and for those who need a "For Dummies" approach like I do :0)

<b>THE GOAL</b>
Restrict access to certain areas of the website based on the user role. I am going to restrict access to anonymous users. I can deny them the site entirely or keep them from viewing specific areas. So that when a random visitor stumbles upon my site, they will be prompted to login/register.

NOTE: If you restrict some but not all of the site, the <b>LINKS TO THE AREAS</b> that you restrict do not show. I read somewhere that you can allow anonymous users to view the links but once they click, they will be prompted to login/register. I'll have to figure that out later but anyhoo...

Also, it helps to think of this as PERMITTING access to certain areas rather than <i>Restricting</i> access. In reality, you will be permitting the user to view certain areas and any area you don't add is by default, restricted from viewing by un-registered in visitors.

this assumes you have ez publish installed in a folder called - ezpublish_dir. change to suit your site.

this also assumes that during install, you named your administrative section "super." change to suit your site.

1. First navigate to Setup - Sections.
<b>ezpublish_dir</b>/index.php?/<b>super</b>/section/list

2. Verify the default values. The following are automatic with a fresh ez pub install. An explaination of some of these values can be found here...
http://ez.no/doc/ez_publish/technical_manual/4_x/concepts_and_basics/content_management/sections

<strong>DEFAULTS</strong>
Design  	5 
Media 	3
Restricted 	6 
Setup 	4 
Standard 	1 
Users 	2

3. Next, update the "Roles and Policies" which is located under Setup - Sections or navigate to...
<b>ezpublish_dir</b>/index.php?/<b>super</b>/role/list

On this page we will see a list of our default user roles...

Administrator
Anonymous 
Editor 
Member 
Partner

Click the PENCIL icon to edit Anonymous

4. After click the pencil, you will see the Anony role's current policies. It will look something like this...

content  	read  	 Section( Restricted ) 
content 	pdf 	Section( Restricted )
rss 	feed 	No limitations
user 	login 	SiteAccess( models )
user 	login 	SiteAccess( eng )
content 	read 	Class( Flash , Image , Quicktime , Windows media , Real video , Banner ) , Section( Media ) 

The most important value is "content --- read." This pertains to most all content that's not a pdf, rss, login area, etc...basically all of your articles. Make sure this area is restricted.

If it's already restricted, click OK.

5. This now takes you to a page where you will see the exact same thing we saw in step 4 but at the very bottom, we also have a list of ROLES/PRIORITIES that are excluded from any restrictions.
<b>ezpublish_dir</b>/index.php?/<b>super</b>/role/view/1

It should look something like this...

User group     Members   	        No limitations
User group     Partners        	No limitations
User group     Anonymous   	No limitations

6a. <b>NO ANONYMOUS BROWSING - FORCE LOGIN/REGISTRATION</b>
To keep Anony users from viewing any areas without logging in BUT at the same time allow them to view all of the top level links of your site, DELETE the Anony usergroup.

Now, when a non-logged in user goes to your site, they will see the links and upon clicking on them, they will be taken to the standard error page with the following message and the login form...

You do not have permission to access this area.

Possible reasons for this are:

    * You are currently not logged in to the site, to get proper access create a new user or login with an existing user.
    * You misspelled some parts of your URL, try changing it.

6b. <b>PARTIAL ANONYMOUS BROWSING - FORCE LOGIN/REGISTRATION</b>
If you delete the anonymous role, don't worry, the system automatically recreates it any and every time you navigate through the Roles list. So simply going back to verify that your changes have taken place adds a new and undoes all of your changes UNLESS you delete the following (again)...

User group     Anonymous   	No limitations

- So to allow the Anony user to view some areas of the site, but not all of them, we're going to go back to step 3 and proceed to step 6a BUT this time we're going to click the PLUS icon, not the PENCIL. That takes us here...

<b>ezpublish_dir</b>/index.php?/<b>super</b>/content/browse

- On this page, put a check next to Anonymous then press the Select button. That takes us here...

<b>ezpublish_dir</b>/index.php?/<b>super</b>/role/view/1

- Once we're here, we now see the same things we saw in step 5 (above). Now that...

User group     Anonymous   	No limitations

is back, we're going to ADD the pages that we want the Anonymous visitor to see. I was thinking it was the reverse, that you add the pages you want to restrict. NO, you'll be adding the pages that you want the Anony user to have access to.

- Put a check next to Anonymous User

- Now select Subtree from the drop down menu.

- Click Assign with Limitation

- Select the radio button next to the area you want the anony user to see. For example purposes, say that we want to grant access to the "GOOBER" subtree.

- Press Select

- Check Anonymous User

- Press Select

- We're now back on the following page...
<b>ezpublish_dir</b>/index.php?/<b>super</b>/role/view/1

At the bottom, we see...

User group     Members   	 No limitations
User group     Partners 	No limitations
User group     Anonymous Users 	No limitations
User group     Anonymous Users 	Subtree: "GOOBER" (/1/2/77/)

- DELETE / Remove Selected ----- User group Anonymous Users No limitations

Now we have this...

User group     Members   	 No limitations
User group     Partners 	No limitations
User group     Anonymous Users 	Subtree: "GOOBER" (/1/2/77/)

- Clear your cache and navigate to the front end of the site.

- Make sure you're not logged in. Now you should only see a link to GOOBER. All other links on your site are not visible. You can add more subtrees as necessary so that the user can view certain areas and not others.

Aang: Just like the legend says, we let love lead the way.

André R.

Monday 24 August 2009 10:45:52 am

"DELETE the Anony usergroup"

You should not delete the anonymous user, this is used internally by eZ Publish for several things, among other thing to distinguish between logged in / not logged in users.
Instead you should remove / change his rights in the Anonymous user role.

There is a setting in site.ini to control the id of this user, so one can re create the user and override that setting to fix it. see: http://ez.no/doc/ez_publish/technical_manual/4_x/reference/configuration_files/site_ini/usersettings/anonymoususerid

"content read Section( Restricted ) "

Its normally opposite, everyone including anonymous user has access to Standard section and privileged users have in addition access to Restricted . This way you don't have to change much, its how it works out of the box.

"I read somewhere that you can allow anonymous users to view the links but once they click, they will be prompted to login/register."

This is accomplished by overriding the menu templates and add "limitation, array()" as parameter to the fetch functions for the menu. see:
http://ez.no/doc/ez_publish/technical_manual/4_x/reference/modules/content/fetch_functions/list

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

cubby cub

Monday 24 August 2009 11:13:03 am

@ Andre

You should not delete the anonymous user, this is used internally by eZ Publish for several things, among other thing to distinguish between logged in / not logged in users.
Instead you should remove / change his rights in the Anonymous user role.

There is a setting in site.ini to control the id of this user, so one can re create the user and override that setting to fix it. see: http://ez.no/doc/ez_publish/techn...ite_ini/usersettings/anonymoususerid

Fix what? O-M-G! Maybe things are being lost in translation? I dont mean to be rude but given this company's location, I wonder if the folks who are responding use english as second language? I honestly am so thankful for the replies but it's as if you're forgetting that I've only been using this script for 5 days! i have to wonder if english is your primary language because where you're grammatically correct, most of the replies here are so cold and technical that it's almost sad.

1. If you're going to reference a file, you should reference it's path AND url...

site.ini - where is this located? how do i get to it via ftp and via the admin interface. I KNOW how to get to it but make it easier on yourself and others because I guarantee that it's the minor details that result in repetitive follow-up questions. in short, new users asking "site.ini, where is that located?" you could save time by being thorough.

i wish i could share x-cart.com's user forum with but you have to purchase the software to gain access. their forum is idiot proof because all of the users take time to show their process. they don't make assumptions about the user's usage levels.

in the end, if you have a question, all you have to do is search for it. sometimes it takes a while to find an answer but 9 times out of 10 it has been asked and answered.

this forum doesn't allow for that because you moved the docs from one point to the next, there's a ticket system, a forum, articles...it's so confusing :(

all i know is that when i find a solution, i will post in detail and all i can ask is that others do as well. it's taking time out of my site development to type all of this out and if i'm wrong, fine, but at least i'm trying to make things clear.

2. why would i want to recreate the anony user if it's automatically recreated? if i don't delete the default designation....

User group    Anonymous Users  No limitations

how do you edit it? i don't see how you clearly edit this so that it no longer says "No limitations". Thus, I added the limitations and then deleted the default designation. This didnt permanently erase the anony user because it reappears everytime you navigate through the Roles link.

3.

Its normally opposite, everyone including anonymous user has access to Standard section and privileged users have in addition access to Restricted . This way you don't have to change much, its how it works out of the box.

see, the above makes me think that english is your second language. if it is, then why i'm having trouble comprehending makes complete sense. if english is your primary language, DUDE...what in the world? grammatically correct yes but reading that sentence makes my head hurt.

what is normally the opposite? are you saying that the anonymous user normally has standard access? so that it should be...

content        read    Section( Standard ) 

and as a result, any sub-trees I add RESTRICT access to those subtrees?

Either way, this is how i was able to achieve a protected area. if there's a better/correct way, <b>show your process</b>. I like this script but as previously and repeatedly stated, the docs suck. So I shall do what works for me and unless you can give me a reason why I shouldnt be doing this, I gotta do what works.

Aang: Just like the legend says, we let love lead the way.

André R.

Monday 24 August 2009 3:07:02 pm

Would you prefer the standard RTFM or even better RTFC (c=Code) response instead that you would get in some other forums maybe? :P

"Fix what?"
Well, I got the impression that you recommended to remove the anonymous user? I have never tried that, but know from the code that you will get a warning and might experience other strange effects since this user is, like the admin user, expected to be present in the database.

"site.ini"
Well ini files can have several locations, so sorry about taking a shortcut there. It's probably best to use the admin interface to change settings in the beginning as opposed to change it directly using ssh/ftp. (since you don't need to have the whole ini override system in the back of your head to be able to change anything ;))

Sincerely yours truly beloved but technical and to the cold point
André

PS: It's 24:00 here, so I'll leave the rest of the of questions for others to respond to :) Heath for instance, which is primary English speaking if I remember correctly.

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

cubby cub

Monday 24 August 2009 5:06:56 pm

RTFM eh? I have a couple acronyms for you :P

Andre, I really appreciate your taking the time because I know you don't have to. But trust me, the support on this site needs work. Now, if this is a script for developers, ok. It makes sense that ezpub doesn't care about regular folk.

But if ezpub is looking to rival Drupal, Joomla, Php-Nuke, etc...the admin interface needs tons of work. And if that will take time, at the very least the docs should be user friendly.

===

I didn't mean to imply that you completely get rid of the anony user. I don't think the system will allow for it as it keeps adding itself back after you delete it. My problem was that whenever I navigated to the Roles/Priorities, all limited access settings went away so that the entire site was open access. Is this a bug? What I do wrong?

Apparently there's another way to protect but to my knowledge, what I've done works...so far. My question therefore is, what would you do differently?

==

and finally, I KNEW you were ESL! :D

Aang: Just like the legend says, we let love lead the way.