Hi Raphaël,
I don't think there's a way to restrict that particular action through the administration - but maybe someone more knowledgeable can chime in.
The way I've been putting in place these kind of restrictions (not sure if any of these have been deprecated since) is to do it in the frontend/template. Before showing the link just make a check for the proper group of the authenticated user. This can be done, for instance, with the "hasCredential" function
| $sf_user->hasCredential(array('contributor', 'editor', 'administrator'), false)
or with the "getAclGroups" function, which you can loop through if you want
| foreach ($sf_user->getAclGroups() as $group) // access name through $group->getName()
The problem with this is, of course, that if a user knows the link he can just type it directly in the browser to access it. Not being able to see the links worked fine for my use case though, so I didn't worry much about it.
For a more secure approach, you can probably use the same idea on the server side. Confirm this, but this particular case should be possible by overriding apps/qubit/modules/informationobject/actions/exportCsvAction.class.php with the same checks. Note though, that the functions I described above will check against session storage. Use "$sf_user->hasGroup()" to check against the database if needed.
cheers
--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.