Forums / Setup & design / Roles and blocking access to folders

"Please Note:

At the specific request of Ibexa we are changing this projects name to "Exponential" or "Exponential (CMS)" effective as of August, 11th 2025.
This project is not associated with the original eZ Publish software or its original developer, eZ Systems or Ibexa".

Roles and blocking access to folders

«

Previous topic

|

|

Next topic

»

Author	Message
Steve Conrad	Tuesday 11 January 2005 2:40:51 am Hi there, I have a problem that I can't seem to solve. I'm working on an Intranet that isn't using virtual hosts. I have a structure like this: HOME \|--- Sub1 \|--- Sub2 \|--- Sub3 When an admin user logs on they get the Sub1-3 at the top of the page as links to visit and the address they are looking at is http://server/index.php/home/ This is all working fine. However, I also want a set of users that can only see folder sub3. I set up a role that has the following access: Business (limited to subtree /1/2/79/) user all functions Nolimitations Business (limited to subtree /1/2/79/) content read Nolimitations [I've also tried: user all functions No limitations content read Subtree( Sub3 ) ] at is http://server/index.php/home/ and they are only authorised to read http://server/index.php/home/Sub3 and downwards? How can I either (a) authorise a user to the http://server/index.php/home/ folder, but not include Sub1 and Sub2 at the same time or (b) Force a user logging on under this role to automatically jump to http://server/index.php/home/Sub3 after logging on? Once I get the 'access denied' page I can actually change the URL myself to go to http://server/index.php/home/sub3 and this works fine (Except if I click the logo where it tries to jump back to http://server/index.php/home/ again!). Secondly, I've also noticed that if I log on as this business user and try to edit it's own account I again get an 'access denied' since the URL I'm getting is http://server/index.php/home/content/edit/289 (289 being the number of the user in question). I'm assuming the function 'selfedit' under user should allow this - but I'm not getting the option to work. Strangely the 'change password' option does work though!
Eivind Marienborg	Tuesday 11 January 2005 3:17:21 am You could try setting up different sections for the different folders, and grating access based on those.
Steve Conrad	Tuesday 11 January 2005 3:28:35 am Hmm.. as I thought - Adding a section (Business_section) and assigning a subtree to this, then setting the role to: user all functions No limitations content read Section( Business_section ) Still gives me the same result - i.e. the user is only authorised to the sub-tree 'sub3' and not to the main page 'home', and the main page is not a subtree itself that I can add to anywhere (either a role directly or via a section) :(
Steve Conrad	Tuesday 11 January 2005 4:08:06 am Ah - some more playing about and I think I'm close to a solution: The breakthrough was noticing an UpArrow icon on one of the screens! When you add a subtree (or a single node even) the system shows you the main set of subtrees automatically. However, I've now noticed that you can use an uparrow icon (top left, above the 10,25,50 figures). This allows you to move above the subtrees and back to the top level node (Home in my case). I can then select this and authorise just the Home node to the policy plus the subtree(s) of my choice. I've now got the policy looking like this: user all functions No limitations content read Node( Home ) content read Subtree( sub3 ) And this seems to fix my problem. :)
Steve Conrad	Tuesday 11 January 2005 4:11:12 am In the same vein, adding the following to the policy: content edit Subtree( Users ) content read Subtree( Users ) Has enable me to get the restriced user to be able to update their own account details.