Security policy for user settings ?

Previous topic

Setup & design

Next topic

Author	Message
Kevin Gaudin	Wednesday 12 November 2008 1:11:54 am Hello, I'm trying to setup a specific group of users which are allowed to manage users and groups and nothing else (eZ Pub. v 4.0.0). I'm using the following policies : content / create / Subtree( Users ) , Class( User ) , Section( Users ) , ParentClass( User group ) content / create / Subtree( Users ) , Class( User group ) , Section( Users ) content / edit / Subtree( Users ) , Class( User group , User ) , Section( Users ) content / read / Subtree( Users ) , Section( Users ) content / move / No limitations content / manage_locations / Subtree( Users ) , Class( User ) , Section( Users ) content / remove / Subtree( Users ) , Class( User group , User ) , Section( Users ) user / login / SiteAccess( admin , fr , en ) I can login to the backoffice, create/edit/move users, but can't go to the users settings form... this might not be a real problem as the only possible action in this form is to activate/deactivate the account, but can anyone tell me what security policy has to be set up to authorize access to this form ? Twitter: @kevingaudin
Kristof Coomans	Monday 17 November 2008 6:35:29 am Hi Kevin You need to use the policy user/preferences. Note however this policy does not respect any limitations, so it will allow access to any user's settings (activate/deactivate). See http://ez.no/doc/ez_publish/technical_manual/4_0/reference/modules/user/views/setting and http://ez.no/doc/ez_publish/technical_manual/4_0/reference/modules/user/views/preferences independent eZ Publish developer and service provider \| http://blog.coomanskristof.be \| http://ezpedia.org

Author

Message

Kevin Gaudin

Wednesday 12 November 2008 1:11:54 am

Hello,

I'm trying to setup a specific group of users which are allowed to manage users and groups and nothing else (eZ Pub. v 4.0.0).

I'm using the following policies :

content / create / Subtree( Users ) , Class( User ) , Section( Users ) , ParentClass( User group )
content / create / Subtree( Users ) , Class( User group ) , Section( Users )
content / edit / Subtree( Users ) , Class( User group , User ) , Section( Users )
content / read / Subtree( Users ) , Section( Users )
content / move / No limitations
content / manage_locations / Subtree( Users ) , Class( User ) , Section( Users )
content / remove / Subtree( Users ) , Class( User group , User ) , Section( Users )
user / login / SiteAccess( admin , fr , en )

I can login to the backoffice, create/edit/move users, but can't go to the users settings form... this might not be a real problem as the only possible action in this form is to activate/deactivate the account, but can anyone tell me what security policy has to be set up to authorize access to this form ?

Twitter: @kevingaudin

Kristof Coomans

Monday 17 November 2008 6:35:29 am

Hi Kevin

You need to use the policy user/preferences. Note however this policy does not respect any limitations, so it will allow access to any user's settings (activate/deactivate).

See http://ez.no/doc/ez_publish/technical_manual/4_0/reference/modules/user/views/setting and http://ez.no/doc/ez_publish/technical_manual/4_0/reference/modules/user/views/preferences

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

eZ debug

Timing:	Jan 18 2025 11:25:57
Script start
Timing:	Jan 18 2025 11:25:57
Module start 'layout'
Timing:	Jan 18 2025 11:25:57
Module start 'content'
Timing:	Jan 18 2025 11:25:59
Module end 'content'
Timing:	Jan 18 2025 11:25:59
Script end

Main resources:

Total runtime	1.5860 sec
Peak memory usage	4,096.0000 KB
Database Queries	54

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0058	587.9375	152.6250
Module start 'layout'	0.0058	0.0034	740.5625	39.4453
Module start 'content'	0.0092	1.5751	780.0078	530.5781
Module end 'content'	1.5843	0.0017	1,310.5859	8.1563
Script end	1.5860		1,318.7422

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0031	0.1974	16	0.0002
Check MTime	0.0013	0.0805	16	0.0001
Mysql Total
Database connection	0.0011	0.0680	1	0.0011
Mysqli_queries	1.5401	97.1059	54	0.0285
Looping result	0.0006	0.0352	52	0.0000
Template Total	1.5491	97.7	2	0.7746
Template load	0.0021	0.1302	2	0.0010
Template processing	1.5471	97.5425	2	0.7735
Template load and register function	0.0001	0.0063	1	0.0001
states
state_id_array	0.0019	0.1170	1	0.0019
state_identifier_array	0.0020	0.1268	2	0.0010
Override
Cache load	0.0015	0.0934	14	0.0001
Sytem overhead
Fetch class attribute can translate value	0.0006	0.0369	2	0.0003
Fetch class attribute name	0.0009	0.0565	4	0.0002
XML
Image XML parsing	0.0012	0.0731	2	0.0006
class_abstraction
Instantiating content class attribute	0.0000	0.0021	4	0.0000
General
dbfile	0.0009	0.0542	22	0.0000
String conversion	0.0000	0.0006	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded
1	node/view/full.tpl	full/forum_topic.tpl	extension/sevenx/design/simple/override/templates/full/forum_topic.tpl
2	content/datatype/view/ezimage.tpl	<No override>	extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tpl
2	content/datatype/view/ezxmltext.tpl	<No override>	extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tpl
3	content/datatype/view/ezxmltags/paragraph.tpl	<No override>	extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tpl
1	content/datatype/view/ezxmltags/literal.tpl	<No override>	extension/community/design/standard/templates/content/datatype/view/ezxmltags/literal.tpl
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 10 Number of unique templates used: 6

Time used to render debug report: 0.0004 secs