Permissions...

« 
Previous topic
|
Suggestions
|
Next topic
 »
Author Message

perrin aybara

Monday 11 October 2004 12:48:40 am

I've been working with eZ Publish for a short while now, but only with template design. So when I today attempted to set permissions for content objects, i was pretty suprised by the hopeless role-system... where on earth is the logic? you have to go through way too many steps to set permissions for a content object. Why not adopt a more "standard" file-system permission-system? Protect content-nodes directly by setting permissions for users/user groups?

Oh well. one can only wish...

Frederik Holljen

Monday 11 October 2004 2:26:56 am

We used a file system kind of permission systems in the 2.x series and quickly discovered that it is way to limited for web use. One of the main problems is that users don't understand the permission controls and sets incorrect permissions giving others to many or to few permissions. It is also very hard for site administrators to find out what content is actually available for the site user and what content is not.

The current system allows you more fine grained control over the possiblities for the different users/user groups based on the actions of the modules without giving to much power to the users themselves. That said, an additional, more file system like, permission system could come in handy in some (few) cases.

Paul Borgermans

Monday 11 October 2004 3:04:37 am

<i>That said, an additional, more file system like, permission system could come in handy in some (few) cases.</i>

You bet! I've implemented a small simple file sharing area in one of our portals, and per object permissions while possible aren' that feasible (to implement).

-paul

eZ Publish, eZ Find, Solr expert consulting and training
http://twitter.com/paulborgermans

Hans Melis

Tuesday 12 October 2004 2:45:07 am

The permission system indeed has room for improvement. Per object permissions would be nice to have, but it would also be nice to specify "deny" access rules.

All rules in the permission system are of the "allow" type. But if you have users who should be able to do a lot except a few things, you end up with a huge rule list in a role because you can't specify deny rules.

Hans
http://blog.hansmelis.be

Frederik Holljen

Tuesday 12 October 2004 4:56:16 am

Yes, both deny permissions and per object permissions would be really nice to have. It is not trivial to implement in a way that is not resource consuming however :/

Margon C.

Tuesday 26 October 2004 2:48:50 pm

That would be useful for me too.
I want to set user roles by folders, but the only way I could do this was by setting permission for section, but I need more specific role policies. I have n sections on my site, each one's administrated only by one user, I do not want the other users even to READ the other one's content... I can achieve the "create" and "edit" permissions but not "READ" permission, because I just don't get access to the content at all.
Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.

eZ debug

Timing: Jan 31 2025 01:29:05
Script start
Timing: Jan 31 2025 01:29:05
Module start 'layout'
Timing: Jan 31 2025 01:29:05
Module start 'content'
Timing: Jan 31 2025 01:29:06
Module end 'content'
Timing: Jan 31 2025 01:29:06
Script end

Main resources:

Total runtime0.7470 sec
Peak memory usage8,192.0000 KB
Database Queries72

Timing points:

CheckpointStart (sec)Duration (sec)Memory at start (KB)Memory used (KB)
Script start 0.00000.0042 588.0078151.1953
Module start 'layout' 0.00420.0041 739.2031220.6406
Module start 'content' 0.00830.7378 959.84384,590.5938
Module end 'content' 0.74610.0009 5,550.437515.8906
Script end 0.7469  5,566.3281 

Time accumulators:

 Accumulator Duration (sec) Duration (%) Count Average (sec)
Ini load
Load cache0.00350.4706160.0002
Check MTime0.00130.1710160.0001
Mysql Total
Database connection0.00050.061610.0005
Mysqli_queries0.644686.2958720.0090
Looping result0.00080.1126700.0000
Template Total0.699993.720.3499
Template load0.00200.269120.0010
Template processing0.697893.423020.3489
Template load and register function0.00160.213710.0016
states
state_id_array0.00170.228510.0017
state_identifier_array0.00090.123420.0005
Override
Cache load0.00170.2252240.0001
Sytem overhead
Fetch class attribute can translate value0.00260.344050.0005
Fetch class attribute name0.00230.303090.0003
XML
Image XML parsing0.00190.258950.0004
class_abstraction
Instantiating content class attribute0.00000.0030100.0000
General
dbfile0.00110.1524280.0000
String conversion0.00000.000740.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

UsageRequested templateTemplateTemplate loadedEditOverride
1node/view/full.tplfull/forum_topic.tplextension/sevenx/design/simple/override/templates/full/forum_topic.tplEdit templateOverride template
6content/datatype/view/ezxmltext.tpl<No override>extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tplEdit templateOverride template
6content/datatype/view/ezxmltags/paragraph.tpl<No override>extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tplEdit templateOverride template
4content/datatype/view/ezimage.tpl<No override>extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tplEdit templateOverride template
1content/datatype/view/ezxmltags/line.tpl<No override>design/standard/templates/content/datatype/view/ezxmltags/line.tplEdit templateOverride template
1print_pagelayout.tpl<No override>extension/community/design/community/templates/print_pagelayout.tplEdit templateOverride template
 Number of times templates used: 19
 Number of unique templates used: 6

Time used to render debug report: 0.0001 secs