User Permissions - Limit Functionality


Philip Redmon

Tuesday 20 July 2004 2:06:01 pm

I have a site that functions as a procurement-like database. Users are allowed to enter items in the custom Entry Class. However, some users need to be able to view the entire Entry Class including a cost attribute, and some users need to be able to NOT view this cost attribute.

The three different types of users are: Admin (all), Editor (View/Add/Edit/Delete Self, View all other's entries except cost attribute), User (View all entries except cost attribute).

I don't see how user roles can be used to allow this to happen. Any ideas?

Bruce Morrison

Tuesday 20 July 2004 6:49:19 pm

Hi

eZ Publish permissions work on objects and don't extend to object attributes. I believe that your only option in this case is to build the user checking into the Entry template.

This may shed some light on how to do this
http://ez.no/ez_publish/documentation/customization/tips_tricks/hiding_attribute_content

Cheers
Bruce http://www.designit.com.au/

My Blog: http://www.stuffandcontent.com/
Follow me on twitter: http://twitter.com/brucemorrison
Consolidated eZ Publish Feed : http://friendfeed.com/rooms/ez-publish

Philip Redmon

Thursday 12 August 2004 8:43:53 am

For any interested, I set up the solution by disallowing all users except admin to view two specific attributes (cost, costnotes) for this list view, and then created a user role to allow for "edit self".

So, if you are admin, you can view all attributes on a browse page, and are allowed to edit all files.

If you are an editor, you can view all attributes except two on a browse page, and are allowed to edit your own files and view the cost from the edit form.

If you are a generic user, you are only allowed to view attributes on the browse page and are not allowed to view the cost.

<table width=100% border=1 bordercolor=#660000 cellpadding=10 cellspacing=0>

{* Loop through all the entries. *}
{section name=collectionLoop loop=$collectionList}

<tr><td>
 
{section show=$:item.object.can_edit}
   <form method="post" action={"content/action/"|ezurl}>

   <input type="hidden" name="RedirectURI" value="{concat("/edit/",$:item.object.id,"/")}" />
   <input class="button" type="submit" name="EditButton" value="{'Edit'|i18n('design/standard/node/view')}" />

   <input class="button" type="submit" name="ActionRemove" value="{'Remove'|i18n('design/standard/node/view')}" />
   <input type="hidden" name="ContentNodeID" value="{$:item.node_id}" />

   </form>
{/section}
<br />

{* grab and show all attributes for this object *}
{default content_object=$node.object
         content_version=$node.contentobject_version_object
         node_name=$node.name}

{section name=Attribute loop=$:item.contentobject_version_object.contentobject_attributes}

{let user=fetch( 'user', 'current_user' )
                is_admin=$:user.groups|contains( 12 )
                is_self=$node.creator.id|contains($:user.contentobject_id)}

    {switch match=$:item.contentclass_attribute.identifier}

      {case match="cost"}
      {* only display cost if this is an administrator *}
        {section show=$:is_admin }
{* Display your attribute and attribute value *}
{$:item.contentclass_attribute.name}
:{attribute_view_gui attribute=$:item}
        {/section}
      {/case}

      {case match="costnotes"}
      {* only display costnotes if this is an administrator *}
        {section show=$:is_admin}
{* Display your attribute and attribute value *}
{$:item.contentclass_attribute.name}
:{attribute_view_gui attribute=$:item}
        {/section}
      {/case}

      {case}
      {* default, display as normal *}
{* Display your attribute and attribute value *}
{$:item.contentclass_attribute.name}
:{attribute_view_gui attribute=$:item}
      {/case}
    {/switch}
    {/let}
    {/section}
    {/default}

{* End Loop through all entries *}
{/section}
</table>
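
The access matrix from this thread, written as one policy function that every view can call, so the browse page and the edit form cannot drift apart the way per-template checks can. This is an added example, not code from the posts or from eZ Publish; the `User` and `Entry` models, the function names and the sample data are hypothetical, and only the group id 12 and the attribute identifiers `cost` and `costnotes` come from the posted template.

```python
from dataclasses import dataclass

RESTRICTED = frozenset({"cost", "costnotes"})  # the two attributes hidden in the post
ADMIN_GROUP_ID = 12                            # group id tested in the posted template

@dataclass(frozen=True)
class User:                    # hypothetical model, not an eZ Publish class
    id: int
    groups: frozenset
    edit_self: bool = False    # stands in for the "edit self" role

@dataclass(frozen=True)
class Entry:                   # hypothetical model of one Entry object
    creator_id: int
    attributes: dict

def is_admin(user):
    return ADMIN_GROUP_ID in user.groups

def can_edit(user, entry):
    """Admins edit everything; editors edit only entries they created."""
    return is_admin(user) or (user.edit_self and entry.creator_id == user.id)

def visible_attributes(user, entry, view):
    """Return the attributes `user` may see on `entry` in the given view.

    Restricted attributes are denied unless a rule explicitly allows them,
    and an unknown view is rejected instead of falling through to a default.
    """
    if view not in ("browse", "edit"):
        raise ValueError(f"unknown view: {view!r}")
    if view == "edit" and not can_edit(user, entry):
        raise PermissionError("user may not open the edit form for this entry")
    # Browse page: admin only. Edit form: anyone allowed to edit the entry.
    allow_restricted = is_admin(user) or view == "edit"
    return {name: value for name, value in entry.attributes.items()
            if allow_restricted or name not in RESTRICTED}

# Constructed sample data for the three user types in the thread.
ADMIN = User(1, frozenset({ADMIN_GROUP_ID}))
EDITOR = User(2, frozenset({20}), edit_self=True)
VIEWER = User(3, frozenset({30}))
OWN = Entry(creator_id=2, attributes={"name": "Toner", "cost": 80, "costnotes": "bulk"})
OTHER = Entry(creator_id=9, attributes={"name": "Paper", "cost": 5, "costnotes": ""})

if __name__ == "__main__":
    for who in (ADMIN, EDITOR, VIEWER):
        print(who.id, sorted(visible_attributes(who, OWN, "browse")))
```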
