[opencms-dev] Permissions model

HuyTran at c-mg.net HuyTran at c-mg.net
Fri Sep 26 07:05:53 CEST 2008 

Hi,

I faced the same problems before. I had to create the combined group such as
Arts_Technology and add the user to that group. This is easier for me as the
number of combinations  is not very large. The reason is CMS treat the
permissions in exclusive way, I mean if a user is both granted and denied to
access a folder, he will not be able to access that folder.

 

I’m not sure if your users will acess the workplace or in the sites. If it
is in the site, you can create some JSP code and put it to the templates of
the pages to check the permissions of user to that page. The approach may be
like this.

 

1. Get the resouce path of the page

2. Get the folder the resouce is in

3. Find the group correspond the folder

4. Check if user is in the group. If Not, redirect to error page.

 

So you only need to add user to the group and get rid of the permission
setting stuff in the folders. I think this is not very difficult to do. You
may need to look at CmsObject class.

 

Regards,

 

Huy

  _____  

From: opencms-dev-bounces at opencms.org
[mailto:opencms-dev-bounces at opencms.org] On Behalf Of Roberto Fernández
Sent: Friday, September 26, 2008 12:29 AM
To: opencms-dev at opencms.org
Subject: [opencms-dev] Permissions model

 

I am trying to find a way to easily add permission to folders. If I have
many groups, each one with permission over the folder of the group, I want
to be able to create users with more than one group, and that they have
access to the corresponding folders.

 

For example, I have teachers of many departments; every department has a
folder, and a group, and that group has permissions over the corresponding
folder, and denied permission to other department folders.

If I have a teacher that work in both departments "Arts" and "Technology",
if I create his user, and add both groups, hi will not have access to any of
the folders.

 

This happens because the most restrictive rule is applied, so as the user
belongs to "Arts" group, the permission to technology folder will be denied
for him, and as hi belongs to "Technology" group, the permission to arts
folder will be denied as well.

 

So, my question is, ¿is there any way to perform what I need? Id est, been
able to easily "add" permissions to an user, preferably assigning him
groups.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20080926/5c5cbce5/attachment.htm>

More information about the opencms-dev mailing list