[opencms-dev] Permissions model

Roberto Fernández rgfernan at gmail.com
Fri Sep 26 14:07:29 CEST 2008 

I forgot to say those folders I need to restrict to some groups, are
subfolders or sub-subfolders of main site folder. This is because they are
used to make some menus and lists. Then, I need the permissions to the
parents folder granted, and overwrite them with the restrictions over the
special group folders.
I think I will have to make combined groups as Huy described, because I can
do that without changing what I have already done.
A best approach may be making a public folder and a private folder in the
root of the site, and somehow combining them in the menus and lists...

I really appreciate I got answers, and so quickly,
      thank you very much!

              Roberto

2008/9/26 Andy Savin <A.D.Savin at bath.ac.uk>

>
> Hi,
>
> We have a similar setup here.  You need to simply untick the permission you
> don't want people to have rather than using denied.
>
> So for example all folders have the following ticked for the All others
> group:
>
> read allowed
> overwrite inherrited
> inherit on subfolders
>
> This prevents anyone from seeing and editing those folders.
>
> Then for each folder a department group is given the following:
>
> read allowed
> write allowed
> view allowed
> overwrite inherrited
> inherit on subfolders
>
> And also a second smaller group of editors (who are also contained in the
> first group):
>
> responsible
> publish directly allowed
> read allowed
> write allowed
> view allowed
> overwrite inherrited
> inherit on subfolders
>
> Other than those mentioned everything else is left unticked.
>
> This all works as intended.
>
> Regards,
>
> Andy
>
> --
> ----------------------------
>  WEB SYSTEMS DEVELOPER
>  Web Services
>  University of Bath
>  Tel: 01225 38 6275
> ----------------------------
>
> On Fri, 26 Sep 2008, HuyTran at c-mg.net wrote:
>
>  From: HuyTran at c-mg.net
>> To: 'The OpenCms mailing list' <opencms-dev at opencms.org>
>> Date: Fri, 26 Sep 2008 12:05:53 +0700
>> Subject: Re: [opencms-dev] Permissions model
>> Reply-To: The OpenCms mailing list <opencms-dev at opencms.org>
>> X-Spam-Score: 0.5 (/)
>>
>>
>> Hi,
>>
>> I faced the same problems before. I had to create the combined group such
>> as
>> Arts_Technology and add the user to that group. This is easier for me as
>> the
>> number of combinations  is not very large. The reason is CMS treat the
>> permissions in exclusive way, I mean if a user is both granted and denied
>> to
>> access a folder, he will not be able to access that folder.
>>
>>
>>
>> I'm not sure if your users will acess the workplace or in the sites. If it
>> is in the site, you can create some JSP code and put it to the templates
>> of
>> the pages to check the permissions of user to that page. The approach may
>> be
>> like this.
>>
>>
>>
>> 1. Get the resouce path of the page
>>
>> 2. Get the folder the resouce is in
>>
>> 3. Find the group correspond the folder
>>
>> 4. Check if user is in the group. If Not, redirect to error page.
>>
>>
>>
>> So you only need to add user to the group and get rid of the permission
>> setting stuff in the folders. I think this is not very difficult to do.
>> You
>> may need to look at CmsObject class.
>>
>>
>>
>> Regards,
>>
>>
>>
>> Huy
>>
>>  _____
>>
>> From: opencms-dev-bounces at opencms.org
>> [mailto:opencms-dev-bounces at opencms.org] On Behalf Of Roberto Fernández
>> Sent: Friday, September 26, 2008 12:29 AM
>> To: opencms-dev at opencms.org
>> Subject: [opencms-dev] Permissions model
>>
>>
>>
>> I am trying to find a way to easily add permission to folders. If I have
>> many groups, each one with permission over the folder of the group, I want
>> to be able to create users with more than one group, and that they have
>> access to the corresponding folders.
>>
>>
>>
>> For example, I have teachers of many departments; every department has a
>> folder, and a group, and that group has permissions over the corresponding
>> folder, and denied permission to other department folders.
>>
>> If I have a teacher that work in both departments "Arts" and "Technology",
>> if I create his user, and add both groups, hi will not have access to any
>> of
>> the folders.
>>
>>
>>
>> This happens because the most restrictive rule is applied, so as the user
>> belongs to "Arts" group, the permission to technology folder will be
>> denied
>> for him, and as hi belongs to "Technology" group, the permission to arts
>> folder will be denied as well.
>>
>>
>>
>> So, my question is, ¿is there any way to perform what I need? Id est, been
>> able to easily "add" permissions to an user, preferably assigning him
>> groups.
>>
>>
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/mailman/listinfo/opencms-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20080926/fe4f05bb/attachment.htm>

More information about the opencms-dev mailing list