Security groups with selections dropdown
32 views
Skip to first unread message
ashil...@aimia.com
Dec 14, 2017, 3:23:21 PM12/14/17
to Hippo Community
Hi
I've created a new security group ('partner-execs') using the Groovy script found one the onehippo.org website (1).
The group restricts access to the 'partners' folder within documents. The 'partners' folder is restricted to only allow documenttypes of 'partnerdocument'. The issue is this document contains a mandatory dropdown field (configured via the Selections plugin), which references a value list document within the 'administration' folder. As the user group doesn't have access to this document/folder, when they edit a document, the dropdown isn't populated and as a result they cannot save the document.
I can extend the group to allow access to the value list, but this isn't ideal as it means the users can view/edit this value list as well when they login. Is it possible to:
a) at the minimum, set the value list to be 'readonly' for this user group
b) allow access to the the value list for this user group, but not have it visible in the CMS?
Thanks
Ashil
1. https://www.onehippo.org/library/concepts/update/groovy-update-script-examples.html
I've created a new security group ('partner-execs') using the Groovy script found one the onehippo.org website (1).
The group restricts access to the 'partners' folder within documents. The 'partners' folder is restricted to only allow documenttypes of 'partnerdocument'. The issue is this document contains a mandatory dropdown field (configured via the Selections plugin), which references a value list document within the 'administration' folder. As the user group doesn't have access to this document/folder, when they edit a document, the dropdown isn't populated and as a result they cannot save the document.
I can extend the group to allow access to the value list, but this isn't ideal as it means the users can view/edit this value list as well when they login. Is it possible to:
a) at the minimum, set the value list to be 'readonly' for this user group
b) allow access to the the value list for this user group, but not have it visible in the CMS?
Thanks
Ashil
1. https://www.onehippo.org/library/concepts/update/groovy-update-script-examples.html
Jeroen Hoffman
Dec 15, 2017, 4:41:44 AM12/15/17
to hippo-c...@googlegroups.com
Hi,
Making a field readonly is possible by setting "mode=view" on the UI plugin at /hippo:namespaces/your-namespace/your-doctype/editor:templates/_default_/your-field
For the authorization, it seems whether you choose hide or readonly, you need to allow access to the value list anyway.
In your case this could work for readonly: duplicate 'your-field' config to 'your-field-readonly' and set the property mode=view
Using domain rules, hide the 'your-field' for the partner group, hide 'your-field-readonly' for the rest.
HTH
Jeroen
--
Hippo Community Group: The place for all discussions and announcements about Hippo CMS (and HST, repository etc. etc.)
To post to this group, send email to hippo-community@googlegroups.com
RSS: https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
---
You received this message because you are subscribed to the Google Groups "Hippo Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hippo-community+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/hippo-community.
For more options, visit https://groups.google.com/d/optout.
ashil...@aimia.com
Dec 15, 2017, 8:42:45 AM12/15/17
to Hippo Community
Hi Jeroen
Thanks for responding for so quickly.
Unfortunately this isn't what I'm after. I want the user to still be able to edit the field within the document, I just don't want them to be able to edit/view the actual value list that's populating field (i.e. by able to add/remove options from the dropdown). It's cool, I guess I'll just have to grant them access to that value list document for now.
Thanks
Ashil
Thanks for responding for so quickly.
Unfortunately this isn't what I'm after. I want the user to still be able to edit the field within the document, I just don't want them to be able to edit/view the actual value list that's populating field (i.e. by able to add/remove options from the dropdown). It's cool, I guess I'll just have to grant them access to that value list document for now.
Thanks
Ashil
On Friday, December 15, 2017 at 9:41:44 AM UTC, jeroen.hoffman wrote:
Hi,Making a field readonly is possible by setting "mode=view" on the UI plugin at /hippo:namespaces/your-namespace/your-doctype/editor:templates/_default_/your-fieldFor the authorization, it seems whether you choose hide or readonly, you need to allow access to the value list anyway.In your case this could work for readonly: duplicate 'your-field' config to 'your-field-readonly' and set the property mode=viewUsing domain rules, hide the 'your-field' for the partner group, hide 'your-field-readonly' for the rest.HTHJeroen
On Thu, Dec 14, 2017 at 9:23 PM, <ashil...@aimia.com> wrote:
Hi
I've created a new security group ('partner-execs') using the Groovy script found one the onehippo.org website (1).
The group restricts access to the 'partners' folder within documents. The 'partners' folder is restricted to only allow documenttypes of 'partnerdocument'. The issue is this document contains a mandatory dropdown field (configured via the Selections plugin), which references a value list document within the 'administration' folder. As the user group doesn't have access to this document/folder, when they edit a document, the dropdown isn't populated and as a result they cannot save the document.
I can extend the group to allow access to the value list, but this isn't ideal as it means the users can view/edit this value list as well when they login. Is it possible to:
a) at the minimum, set the value list to be 'readonly' for this user group
b) allow access to the the value list for this user group, but not have it visible in the CMS?
Thanks
Ashil
1. https://www.onehippo.org/library/concepts/update/groovy-update-script-examples.html
--
Hippo Community Group: The place for all discussions and announcements about Hippo CMS (and HST, repository etc. etc.)
To post to this group, send email to hippo-c...@googlegroups.com
RSS: https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
---
You received this message because you are subscribed to the Google Groups "Hippo Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hippo-communi...@googlegroups.com.
Eleftherios Karamoulas
Dec 15, 2017, 8:48:57 AM12/15/17
to hippo-c...@googlegroups.com
If i understood correctly you want to restrict who can edit value list documents ?
Would it be an option to have all value list docs in one folder and grant access to this folder to a specific group?
Have a look at https://www.onehippo.org/library/concepts/security/authorization-use-cases/deny-access-to-a-folder.html
Hope that helps
Kind regards,
Lef
To post to this group, send email to hippo-community@googlegroups.com
RSS: https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
---
You received this message because you are subscribed to the Google Groups "Hippo Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hippo-community+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/hippo-community.
For more options, visit https://groups.google.com/d/optout.
Eleftherios Karamoulas
Software engineer
il...@openweb.nl
Dec 15, 2017, 10:01:37 AM12/15/17
to Hippo Community
Hi,
so you can not access value lists from your custom security domain. Maybe relax your security domain to allow readonly access to valuelists, maybe readonly access to the whole folder with value lists. That should be perfectly enough to populate your drop down controls.
ashil...@aimia.com
Dec 19, 2017, 9:56:36 AM12/19/17
to Hippo Community
Hi
Yes this is what I'd like to do ideally, but I'm not sure how to do this... Is there a property I can set for that domainrule node for the valuelist folder only so that it's readonly, but leave the rest of the domain nodes as they are?
Thanks
Yes this is what I'd like to do ideally, but I'm not sure how to do this... Is there a property I can set for that domainrule node for the valuelist folder only so that it's readonly, but leave the rest of the domain nodes as they are?
Thanks
il...@openweb.nl
Dec 19, 2017, 11:22:12 AM12/19/17
to Hippo Community
Hi,
you can make value list readonly for external users. But in drop down control users would still be able to change values. And in that case value list will be visible somewhere in cms...
As you said, users of your custom domain already can not see value lists. That given, create a new domain with single rule (to enable readonly access on value list/s) and apply security domain to your external user group as readonly.
Something like this:
<sv:node sv:name="valuelists_externaluser" xmlns:sv="http://www.jcp.org/jcr/sv/1.0">
<sv:property sv:name="jcr:primaryType" sv:type="Name">
<sv:value>hipposys:domain</sv:value>
</sv:property>
<sv:node sv:name="hippo-document">
<sv:property sv:name="jcr:primaryType" sv:type="Name">
<sv:value>hipposys:domainrule</sv:value>
</sv:property>
<sv:node sv:name="hide-value-lists">
<sv:property sv:name="jcr:primaryType" sv:type="Name">
<sv:value>hipposys:facetrule</sv:value>
</sv:property>
<sv:property sv:name="hipposys:equals" sv:type="Boolean">
<sv:value>true</sv:value>
</sv:property>
<sv:property sv:name="hipposys:facet" sv:type="String">
<sv:value>nodetype</sv:value>
</sv:property>
<sv:property sv:name="hipposys:filter" sv:type="Boolean">
<sv:value>false</sv:value>
</sv:property>
<sv:property sv:name="hipposys:type" sv:type="String">
<sv:value>Name</sv:value>
</sv:property>
<sv:property sv:name="hipposys:value" sv:type="String">
<sv:value>selection:valuelist</sv:value>
</sv:property>
</sv:node>
</sv:node>
<sv:node sv:name="author">
<sv:property sv:name="jcr:primaryType" sv:type="Name">
<sv:value>hipposys:authrole</sv:value>
</sv:property>
<sv:property sv:multiple="true" sv:name="hipposys:groups" sv:type="String">
<sv:value>externalusers</sv:value>
</sv:property>
<sv:property sv:name="hipposys:role" sv:type="String">
<sv:value>readonly</sv:value>
</sv:property>
</sv:node>
</sv:node>
Op dinsdag 19 december 2017 15:56:36 UTC+1 schreef ashil...@aimia.com:
Reply all
Reply to author
Forward
0 new messages