Custom Permissions for Custom Types

1 view
Skip to first unread message

Chris Roth

unread,
Sep 12, 2007, 6:32:19 PM9/12/07
to farcry-dev
Does anyone have custom permissions for custom types working properly
on 4.0.7?

Here's my problem

1. I am using AD
2. I have a group in AD called "MyManagerGroup"
3. An AD user "MyUser" is a member of the AD group above.
4. The AD and FC Group of the same name are both mapped to the
PolicyGroup (same name)
5. I have a Custom Type, lets call it MyCstType
6. I created permissions:

MyCstTypeApprove
MyCstTypeCanApproveOwnContent
MyCstTypeCreate
MyCstTypeDelete
MyCstTypeEdit
MyCstTypeRequestApproval

I then gave the Policy Group "MyManagerGroup" "yes" to each of those.

for admin I have something like:

<ft:objectadmin
typename="MyCstType"
permissionset="MyCstType"
title="MyCstType"
description="Manage MyCstType"
columnList="title,datetimelastupdated,datetimecreated,status"
sortableColumns="title,datetimelastupdated,datetimecreated,status"
lFilterFields="title"
sqlorderby="datetimelastupdated,title asc"
plugin="MyPlugin"
module="/MyCstType.cfm" />


Refresh app scope, I login as my test user, I get the right webtop
permissions,

When I try to "add" a new MyCstType I get "you do not have edit
permissions"..

If I log in as another AD user, this one set to an AD group
equivelent to "System Admin" I have no problems.

Certainly I am overlooking something.. I just cant figure this out....

Chris Roth

unread,
Sep 13, 2007, 2:26:39 PM9/13/07
to farcry-dev
Looks like perhaps formtools objectadmin.cfm is not 100% supportive of
user defined permissions "permissionset" attribute.

I see a lot of "TODO: Check Permissions". comments in there.

I also found this code/comment:


<cfif NOT structKeyExists(PrimaryPackage, "news")>

<!--- this seems to be a problem for custom types when it gets to
invocation.cfm. the permission set is not carried
across and could potentially cause major stuff ups if news permissions
(which is the default) is set to no for the
user --->
<cfset structInsert(PrimaryPackage, "permissionset", "news", "yes")>
</cfif>

After restoring the "News" prmission set to MyManagerGroup the user
can add/edit MyCstType objects. Unfortunately this seems to defeat the
pupose of creating and assigning permissions for individual types when
using the permissionset attribure of ftobjectadmin, or am I missing
something?

Chris

modius

unread,
Sep 13, 2007, 5:20:37 PM9/13/07
to farcry-dev
On Sep 14, 4:26 am, Chris Roth <chris.r...@gmail.com> wrote:
> After restoring the "News" prmission set to MyManagerGroup the user
> can add/edit MyCstType objects. Unfortunately this seems to defeat the
> pupose of creating and assigning permissions for individual types when
> using the permissionset attribure of ftobjectadmin, or am I missing
> something?

I'd say its definitely something that needs fixing. Please put your
original post through as a bug and I'll see what can be done to
prioritise the fix.

-- geoff
http://www.daemon.com.au/

Reply all
Reply to author
Forward
0 new messages