[opencms-dev] Permissions model

Andy Savin A.D.Savin at bath.ac.uk
Fri Sep 26 09:31:42 CEST 2008


Hi,

We have a similar setup here.  You need to simply untick the permission 
you don't want people to have rather than using denied.

So for example all folders have the following ticked for the All others 
group:

read allowed
overwrite inherrited
inherit on subfolders

This prevents anyone from seeing and editing those folders.

Then for each folder a department group is given the following:

read allowed
write allowed
view allowed
overwrite inherrited
inherit on subfolders

And also a second smaller group of editors (who are also contained in the 
first group):

responsible
publish directly allowed
read allowed
write allowed
view allowed
overwrite inherrited
inherit on subfolders

Other than those mentioned everything else is left unticked.

This all works as intended.

Regards,

Andy

-- 
----------------------------
   WEB SYSTEMS DEVELOPER
   Web Services
   University of Bath
   Tel: 01225 38 6275
----------------------------

On Fri, 26 Sep 2008, HuyTran at c-mg.net wrote:

> From: HuyTran at c-mg.net
> To: 'The OpenCms mailing list' <opencms-dev at opencms.org>
> Date: Fri, 26 Sep 2008 12:05:53 +0700
> Subject: Re: [opencms-dev] Permissions model
> Reply-To: The OpenCms mailing list <opencms-dev at opencms.org>
> X-Spam-Score: 0.5 (/)
> 
> Hi,
>
> I faced the same problems before. I had to create the combined group such as
> Arts_Technology and add the user to that group. This is easier for me as the
> number of combinations  is not very large. The reason is CMS treat the
> permissions in exclusive way, I mean if a user is both granted and denied to
> access a folder, he will not be able to access that folder.
>
>
>
> I’m not sure if your users will acess the workplace or in the sites. If it
> is in the site, you can create some JSP code and put it to the templates of
> the pages to check the permissions of user to that page. The approach may be
> like this.
>
>
>
> 1. Get the resouce path of the page
>
> 2. Get the folder the resouce is in
>
> 3. Find the group correspond the folder
>
> 4. Check if user is in the group. If Not, redirect to error page.
>
>
>
> So you only need to add user to the group and get rid of the permission
> setting stuff in the folders. I think this is not very difficult to do. You
> may need to look at CmsObject class.
>
>
>
> Regards,
>
>
>
> Huy
>
>  _____
>
> From: opencms-dev-bounces at opencms.org
> [mailto:opencms-dev-bounces at opencms.org] On Behalf Of Roberto Fernández
> Sent: Friday, September 26, 2008 12:29 AM
> To: opencms-dev at opencms.org
> Subject: [opencms-dev] Permissions model
>
>
>
> I am trying to find a way to easily add permission to folders. If I have
> many groups, each one with permission over the folder of the group, I want
> to be able to create users with more than one group, and that they have
> access to the corresponding folders.
>
>
>
> For example, I have teachers of many departments; every department has a
> folder, and a group, and that group has permissions over the corresponding
> folder, and denied permission to other department folders.
>
> If I have a teacher that work in both departments "Arts" and "Technology",
> if I create his user, and add both groups, hi will not have access to any of
> the folders.
>
>
>
> This happens because the most restrictive rule is applied, so as the user
> belongs to "Arts" group, the permission to technology folder will be denied
> for him, and as hi belongs to "Technology" group, the permission to arts
> folder will be denied as well.
>
>
>
> So, my question is, ¿is there any way to perform what I need? Id est, been
> able to easily "add" permissions to an user, preferably assigning him
> groups.
>
>


More information about the opencms-dev mailing list