I've written an extension and I'm now trying integrate it into the ACL. I've been using the documentation here: http://docs.joomla.org/Developing_a_Model-View-Controller_Component/2.5/Adding_ACL
Thus far I've been able to set access for the entire component but what I really want is to enable one user group to perform actions on a certain "view", if you will, while another group is denied access to that particular view. I'm guessing it's what's explained here: http://docs.joomla.org/Developing_a_Model-View-Controller_Component/2.5/Adding_ACL#Adding_more_actions.2C_also_at_category_level_and_item_level
The problem I'm having is when I click the Options button and change the access options and save, the selected options aren't saved. I've added the asset functions in my table-class and I've added the asset_id column in my table.
http://i50.tinypic.com/ofsjtt.png
Does anyone know what I'm doing wrong? Is it even possible to separate permissions like this?
The viewing access level is called "ViewLevels" http://docs.joomla.org/Access_Control_List/2.5/Tutorial#ACL_View_Access_Levels_Examples.
If you want people to perform certain actions on certain items, then you need to create an other set of permissions for these items different than the component acl.
For example you have a shop component, you have ACL for the component but you can have ACL for the product categories only.
Related
I readed doku and search about middleware on october informations, but nothing find what me can help.
My Problem:
I created Plugin and use RainLab User Plugin for Frontend Editoring of Content.
Frontend Content spilt up on Section, Group and Article.
Single Users become different access: hiddem, show, edit and more for sections and articles.
The site works with one plugin on content load dynamic.
How i can load content for single user by access config?
My solution:
I added on backend some functions to give access for users.
rainlab user content access
All access configs saved and works.
My idee is to create middleware to load content but i find nothing what can help me.
Docu tell me you can create middleware but middleware load all time on frontend, backend, all pages on website. This is not good solution.
https://octobercms.com/docs/backend/controllers-ajax#controller-middleware
In addition comes if i debug on middleware, so rainlab user functions not working, no informations about url request.
Why add middleware when you must load and create all classes and functions by himself??
I need middleware only for frontend and only for plugin or component.
I hope somebody can me help to find another solution or idee to fix it.
I think there is nothing left but to implement the content access in respective component on onRun function. :( and problem by this solution is: return Redirect not working outside a class or function (only on onRun)
There is Problem with your approach, as you want middleware and also you want to make sure it run for specific plugins and component. middleware worked based on request and request may have information about URL etc. but not about plugin & component etc so it can not determine when to run based on plugin etc..`
So you may use Different approach. and it will work with Frontend also with ajax requests.
You can create component inside your plugin, It will assessment all the access for logged in user if user is logged in. if user is not logged in you can provide different assessment access.
Now you need to add this component to your layout and now all pages which are using this layout have this access information from the beginning.
Now this component inject access information to page, So your Page and plugin's components can have this information readily available. now from your component inside onRun you can handle redirect at very top.
Component is not to define access, its just inject predefined access information which is in database [ as you said you use users plugin so fetch it and inject it ] to the page
Component will be specifically just inject access information to page. And that Component will be on layout so. it will automatically trigger for that layout pages. so it will executed first and based on that you can decide how to use it. you can also render conditional component based on that. as you can have access information in markup part as well so
if you have any doubt or questions please comment.
I have been investigating the best method to create a complex permission based system and I am using the Yii2 framework and noticed it includes good RBAC support, however I am not sure if it is right for my situation.
What I am looking for I guess is similar to what a forum system would use where you can make groups and then you can select what permissions each of those groups are allowed to do.
I have noticed that with RBAC that you add your roles and if you add and admin and a author for example you can then add the author as a child of admin and then admin can do everything authors can + whatever other permissions you give them.
Do you have to do it like this or can you do all the permissions separately? Is adding the author as a child of admin just a quicker/cleaner way to give admin all the same permissions a lower level group has and then you can then add extra permissions on top?
I worry about doing it this way though because what if you remove a permission from the author, then all of a sudden the admin will lose that permission to unless they gain it from another child or are given it separately.
Can I still utilise RBAC for my needs or should I look at doing something custom?
The RBAC system of Yii2 is very powerful, you can effectly add yor group pemission to a parent and later if need to revoke a single permission the the child group you can add what you need only when and how you need.
I am trying to do the following in Drupal 7:
Users in my website will post ads and others will pay to get in touch with the author of the ad.
Users that are buying the contact information have to see all of the content of the ad(node), except for the author. After they pay, they should see an extra field in the ad, telling them who the author is.
My question is:
How can I control the user access per node and per user for a specific part of the node? Are there any modules for this?
Also, a relation between the user and the ad would be nice, since I will later have to list all ads for a user, etc..
I found many plugins, but they seem to deny or allow access to the entire node and my functionality should be different.
Thanks in advance
In order to allow only specific users or roles to view specific nodes, this module can help you:
https://www.drupal.org/project/nodeaccess
Also, as you want to restrict permission by field, the Field Permissions module can do the work for you:
https://www.drupal.org/project/field_permissions
Of course you might need to write some custom code or use Rules module to grant permission to the users who are going to be allowed to see some nodes/fields based on actions they do on your website.
I need to modify the Magento admin system to allow authenticated users to find products via manufacturer and category.
So, basically, either two select elements which an option for each manufacturer/category, or two autocomplete boxes.
What I need help with is how to get started. I can guess I edit the views to add the controls (which I've figured out how to do), but then where would I add the code to allow this functionality? Do I modify queries or modify how the model gets the products?
We are new to Expression Engine and could maybe use some help from anyone who has built a few sites using this CMS.
We have a small dashboard system where users log in and read articles that are submitted from other authors. We are wanting to have a form which allows a member to chose which categories of articles he would like to be on his home page when he logs in. Then we'd like to figure out how to actually create that home page so that only the categories of articles that the user has chosen are visible.
From a DB standpoint this seems to be a one to many relationship between a member and categories, but we don't have a clear idea how to accomplish this inside of EE (without raw PHP/queries), especially using the Member module, since it isn't a channel and doesn't seem to allow creating relationships in the member custom fields.
We looked at creating a custom field for every category type, but there are about 95, and as we add or remove them, it would be extremely cumbersome to try to keep up with them all. Even if we did we still aren't sure how to connect 1 member to many categories or many entries via a category.
We'll update the question later to add some of the code we (if any) that we've come up with
In short, there isn't going to be a built in way to handle this. That isn't to say however that this can't be handled with some modules that are already out there. Let me ask you this. When you have users logging in, are they logging in to Expression Engine itself's backend, or the login system that you have created on a public facing website.