[opencms-dev] Site-DropDown-Menu

Wolfgang Winzer wwinzer at ka-dus.de
Thu Jun 9 09:49:56 CEST 2005


Anatol wrote:

> Hi Wolfgang, hi all!
>
> Huargh! That's all very, very complex! Your hint to change the "Start 
> with site" Configuration was really not bad! :-) But only one of at 
> least 1 million problems, and facts ... don't know if I can describe 
> them with my poor English, but I'll try it:

Oh c'mon, we all have seen worse... ;-)

>
> One important point is from which URL the user logged in. The URL 
> defined the place he/she was directed to. For example:
> mydomain1.com -> /sites/my1/
> mydomain2.org -> /sites/my2/
> (it's defined by the opencms-system.xml file.)

Where do you take that wisdom from? I sneaked a look at the DTD 
(opencms-system.dtd) and found nothing hinting you could use it like 
this. Which tags have you added/changed?

<snip>

>
> If I do so, I get the correct behaviour! But this approach has a big 
> drawback: All the groups created until now or in the future in 
> OpenCms have to be added to every protected folder! It's stupid, extensive, 
> long-winded and error-prone!
>
> I tried to solve this by using the group Users. All the users created 
> in OpenCms are members of this group. I thought if I deny access for 
> the group Users and allow access for the group according to the 
> folder, that this could be a good solution, but the ACL is very 
> restrictive! DENY is higher than ALLOW!

I have just played a bit with the permissions and it looks pretty much 
like Windows filesystem permissions to me. In short: You don't want the 
DENY, just don't ALLOW! (btw DENY is always (e.g. Windows filesystem) 
higher than ALLOW, that's the whole point of it.) It should work with 
the following setup:

1) Log in as Administrator and navigate to folder "news" and edit 
permissions.
2) Add Group "Users" to access control entries
3) Remove all "Allowed" checks from "Users" but DO check "Overwrite 
Inherited" and "Inherit on subfolders"
4) Add Group "News" to access control entries
5) Give them all "Allowed" checks you want them to have and "Inherit 
subfolders"

Now anybody who is only in Group "Users" has no permission for the folder 
"news" whatsoever. Members of "News" however do.
Do the same to your "Events" folder.

Have fun!
Wolfgang
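
The difference between the two setups discussed in this message, as an added example that is not part of the original post and not OpenCms code. It is a simplified model of deny-over-allow evaluation with "Overwrite Inherited" and "Inherit on subfolders" flags; the permission names, the root-level entry for "Users" and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    group: str
    allowed: frozenset = frozenset()
    denied: frozenset = frozenset()
    overwrite: bool = False  # "Overwrite Inherited"
    inherit: bool = False    # "Inherit on subfolders"

def effective(acl, path, user_groups):
    """Permissions a user holds on `path` under this simplified model."""
    parts = [p for p in path.split("/") if p]
    folders = ["/"] + ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]
    state = {}  # group -> (allowed, denied) accumulated from the root down
    for depth, folder in enumerate(folders):
        is_target = depth == len(folders) - 1
        for ace in acl.get(folder, []):
            if not (is_target or ace.inherit):
                continue  # entry is not passed on to subfolders
            allowed, denied = state.get(ace.group, (frozenset(), frozenset()))
            if ace.overwrite:  # discard what this group inherited from above
                allowed, denied = frozenset(), frozenset()
            state[ace.group] = (allowed | ace.allowed, denied | ace.denied)
    held = [state[g] for g in user_groups if g in state]
    allowed = frozenset().union(*(a for a, _ in held))
    denied = frozenset().union(*(d for _, d in held))
    return allowed - denied  # any DENY from any group beats every ALLOW

# Constructed sample data: permission names and the root entry are assumptions.
RWV = frozenset({"read", "write", "view"})
BASE = {"/": [Ace("Users", allowed=frozenset({"read", "view"}), inherit=True)]}

# Setup from the quoted text: DENY for "Users", ALLOW for "News".
DENY_SETUP = {**BASE, "/news": [Ace("Users", denied=RWV, inherit=True),
                                Ace("News", allowed=RWV, inherit=True)]}
# Setup from steps 1-5: "Users" entry with nothing allowed, overwriting inheritance.
NO_ALLOW_SETUP = {**BASE, "/news": [Ace("Users", overwrite=True, inherit=True),
                                    Ace("News", allowed=RWV, inherit=True)]}

if __name__ == "__main__":
    member = {"Users", "News"}  # every user is also in "Users"
    print("DENY setup, News member:    ", sorted(effective(DENY_SETUP, "/news", member)))
    print("no-ALLOW setup, News member:", sorted(effective(NO_ALLOW_SETUP, "/news", member)))
    print("no-ALLOW setup, Users only: ", sorted(effective(NO_ALLOW_SETUP, "/news", {"Users"})))
```
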


