Persmissions Usage
1 view
Skip to first unread message
Phil -- wbtc.fr --
Oct 5, 2010, 7:14:23 AM10/5/10
to in-por...@googlegroups.com
Hello guys,
here is a question which might be usefull for everybody who do theme customization: how does the permission's tab informations are used by In-Portal?
Do we need to use an inp2:m_if check="x_HasPermission" to use them? (where "x" is module name)?
Is there another way to retrieve permissions settings?
Is there any core embedded functions about them?
Phil.
here is a question which might be usefull for everybody who do theme customization: how does the permission's tab informations are used by In-Portal?
Do we need to use an inp2:m_if check="x_HasPermission" to use them? (where "x" is module name)?
Is there another way to retrieve permissions settings?
Is there any core embedded functions about them?
Phil.
Alexander Obuhovich
Oct 5, 2010, 7:19:26 AM10/5/10
to in-por...@googlegroups.com
Is there another way to retrieve permissions settings?
To check any system unit permission tag "m_CheckPermission" should be specified in "check" parameter of "m_if" tag.Do we need to use an inp2:m_if check="x_HasPermission" to use them? (where "x" is module name)?
- l - for links
- n - for articles
- bb - for topics
- p - for products
Is there any core embedded functions about them?
Best Regards,
http://www.in-portal.com
http://www.alex-time.com
Phil -- wbtc.fr --
Oct 5, 2010, 7:39:36 AM10/5/10
to in-por...@googlegroups.com
Thanks dor details.
By Core embedded function, I wanted to know if there is anything In-Portal do even if we don't use checking permission tag (like denying access to a page, a content...)
By Core embedded function, I wanted to know if there is anything In-Portal do even if we don't use checking permission tag (like denying access to a page, a content...)
2010/10/5 Alexander Obuhovich <aik....@gmail.com>
Alexander Obuhovich
Oct 5, 2010, 7:45:22 AM10/5/10
to in-por...@googlegroups.com
Yes, when user, who visits page doesn't have access to data displayed on the page, then he is redirected to "No Permission" page automatically. For example, when:
- someone guesses URL to pending link detail page;
- tries to edit link he haven't created by forging url;
- tries to view details of other user's order by placing it's ID on order history page.
Phil -- wbtc.fr --
Oct 5, 2010, 11:07:34 AM10/5/10
to in-por...@googlegroups.com
Let me add these options, found in default theme:
c_HasPermission > In-Portal categories permissions management?
HasPermission > Is there any rules to use without prefix?
c_HasPermission > In-Portal categories permissions management?
HasPermission > Is there any rules to use without prefix?
2010/10/5 Alexander Obuhovich <aik....@gmail.com>
Alexander Obuhovich
Oct 5, 2010, 1:16:03 PM10/5/10
to in-por...@googlegroups.com
Prefix is omitted, when used from DefineElement that is used from PrintList tag. That is general rule for all cases, when prefix could be omitted.
c_HasPermission > In-Portal categories permissions management?
yes.
c_HasPermission > In-Portal categories permissions management?
Phil -- wbtc.fr --
Oct 5, 2010, 2:40:19 PM10/5/10
to in-por...@googlegroups.com
I have an issue, using
<inp2:m_if check="c_HasPermission" permissions="CATEGORY.VIEW">
it doesn't seems to work for index.tpl file.
I've included the above "category.view" permission in default design tpl, to benefit of permission system for the whole website. While other pages are displaying, the index page doesn't. I've checked permissions for "everybody","visitors", "logged users", but no luck here.
<inp2:m_if check="c_HasPermission" permissions="CATEGORY.VIEW">
it doesn't seems to work for index.tpl file.
I've included the above "category.view" permission in default design tpl, to benefit of permission system for the whole website. While other pages are displaying, the index page doesn't. I've checked permissions for "everybody","visitors", "logged users", but no luck here.
2010/10/5 Alexander Obuhovich <aik....@gmail.com>
Alexander Obuhovich
Oct 5, 2010, 3:25:41 PM10/5/10
to in-por...@googlegroups.com
Does it work on http://www.your-web-site.com/index.html and http://www.your-web-site.com/ urls or only on one of them. In this case, which one.
Phil -- wbtc.fr --
Oct 5, 2010, 4:12:12 PM10/5/10
to in-por...@googlegroups.com
I precise I use another theme, I have the theme in URL:
http://www.your-web-site.com/advanced/index.html > doesn't work (permission check not passed)
http://www.your-web-site.com/advanced/ > works (I see error page correctly, permission check passed)
http://www.your-web-site.com/advanced/index.html > doesn't work (permission check not passed)
http://www.your-web-site.com/advanced/ > works (I see error page correctly, permission check passed)
2010/10/5 Alexander Obuhovich <aik....@gmail.com>
Alexander Obuhovich
Oct 5, 2010, 4:25:31 PM10/5/10
to in-por...@googlegroups.com
I've tested and I can verify, that it doesn't work neither way.
Administrator can only set permission on "Content" category (usually it has ID #1 in database). But, when you visit index page you are in category with ID #0 (doesn't exist in database). So I propose to detect current category as ID of "Content" category instead of 0. This will solve it.
Side effect of such change will be to search for all places that actually are checking for current category to 0 to detect if we are on index page or not.
Here is a task for it: http://tracker.in-portal.org/view.php?id=880
Administrator can only set permission on "Content" category (usually it has ID #1 in database). But, when you visit index page you are in category with ID #0 (doesn't exist in database). So I propose to detect current category as ID of "Content" category instead of 0. This will solve it.
Side effect of such change will be to search for all places that actually are checking for current category to 0 to detect if we are on index page or not.
Here is a task for it: http://tracker.in-portal.org/view.php?id=880
Alexander Obuhovich
Oct 5, 2010, 5:22:16 PM10/5/10
to in-por...@googlegroups.com
Here is the patch (also attached to the task). If works, then mark appropriate task as tested.
Suddenly found way how to make that change quick and without any dirty code changes, that I'll be regretting in later releases.
Suddenly found way how to make that change quick and without any dirty code changes, that I'll be regretting in later releases.
Phil -- wbtc.fr --
Oct 5, 2010, 5:24:27 PM10/5/10
to in-por...@googlegroups.com
thanks for this quick fix !
I found a workaround, by putting index page code as default content in default design, it also make the work as we rarely want to obfuscate index page :)
I found a workaround, by putting index page code as default content in default design, it also make the work as we rarely want to obfuscate index page :)
2010/10/5 Alexander Obuhovich <aik....@gmail.com>
Reply all
Reply to author
Forward
0 new messages