Advanced Permissions - Restrictive Permissions For Customers
Permalink
Ladies & Gentlemen,
I posted my problem in July, and still i have not found any helpful answer to my problem.
Customers shall only be able to edit the contents of single blocks, not delete them, not move them around. Just edit the contents.
All I read about advanced permissions did not bring me further.
If you do not have an answer to this question, I would be glad to know how you handle the problem of customers trying out every feature of a CMS that is permitted. Even if it looks…terrible.
I actually thought that “locking” layout and position was a common task, still I did not find anything in the forums.
This is a criterion for exclusion to me, so any help is highly appreciated!
Thanks in advance,
Julian
______________________________________________________
This is what I once wrote:
Hello,
I am currently testing concrete5 and facing a big problem. It is necessary that a customer can only edit the contents of a block, but NOT change page layout and positions.
Although the role “writer” (which I created) is not set to “admin”, users of this role can change the page layout. I do not understand why. Due to the description provided below, editing should be restricted to Admin only.
kind regards and thanks in advance,
El Júlio
This is what the Permission page says:
Read - who can see this page at all.
Versions - who can see earlier versions of this page.
Write - who can put this page in edit mode at all.
Approve - who can approve a new version for this page.
Delete - who can delete this page.
Admin - everything else, including setting permissions, design, and move. We intend to break these out into their own roles at some point in the future.
I posted my problem in July, and still i have not found any helpful answer to my problem.
Customers shall only be able to edit the contents of single blocks, not delete them, not move them around. Just edit the contents.
All I read about advanced permissions did not bring me further.
If you do not have an answer to this question, I would be glad to know how you handle the problem of customers trying out every feature of a CMS that is permitted. Even if it looks…terrible.
I actually thought that “locking” layout and position was a common task, still I did not find anything in the forums.
This is a criterion for exclusion to me, so any help is highly appreciated!
Thanks in advance,
Julian
______________________________________________________
This is what I once wrote:
Hello,
I am currently testing concrete5 and facing a big problem. It is necessary that a customer can only edit the contents of a block, but NOT change page layout and positions.
Although the role “writer” (which I created) is not set to “admin”, users of this role can change the page layout. I do not understand why. Due to the description provided below, editing should be restricted to Admin only.
kind regards and thanks in advance,
El Júlio
This is what the Permission page says:
Read - who can see this page at all.
Versions - who can see earlier versions of this page.
Write - who can put this page in edit mode at all.
Approve - who can approve a new version for this page.
Delete - who can delete this page.
Admin - everything else, including setting permissions, design, and move. We intend to break these out into their own roles at some point in the future.
my good sir, i think you found a bug :P please post it in the bugs section
*up*
I would have to agree. Why can we only lock them out from the page and not from individual blocks. Is there a way to add permissions on a per block basis? Such as, when you get the panel to choose to edit or delete etc. There should be a permissions tab that is only available to the administrators.
Check this out.
http://www.concrete5.org/documentation/general-topics/simple-permis...
If you read through it once you enable your advanced permissions by adding the code to the site.php file, you can go to a block and when you click to edit you can set permissions specifically to the block. Hope this helps.
http://www.concrete5.org/documentation/general-topics/simple-permis...
If you read through it once you enable your advanced permissions by adding the code to the site.php file, you can go to a block and when you click to edit you can set permissions specifically to the block. Hope this helps.
I tested it out on my own site and it seems that with the advanced permissions on the page and setting them per block that the only thing you can't do is stop the ability to move the block. That is a problem.
Thanks for your answers!
I solved the problem in a rather dirty way.
User objects have a isSuperUser-Property. This way you can determine if the current user is admin or not.
By changing just a few lines of code, you can a) Remove the Design-Button in edit mode and b) remove the move-Button fur normal users.
If there is any interest, I can post the changes to make.
regards,
El Júlio
I solved the problem in a rather dirty way.
User objects have a isSuperUser-Property. This way you can determine if the current user is admin or not.
By changing just a few lines of code, you can a) Remove the Design-Button in edit mode and b) remove the move-Button fur normal users.
If there is any interest, I can post the changes to make.
regards,
El Júlio
.
The global JavaScript var for checking superUsers is set in /concrete/elements/header_required.php, line 54.
Hiding the Move-Button in /concrete/js/ccm.ui.js, line 68:
The Design button can be hidden in /concrete/tools/page_controls_menu_js.php, line 107.
<? $u = new User(); $super = "false"; if($u->isSuperUser()){$super = "true";} ?> var CCM_IS_SUPER_USER = <?=$super;?>;
Hiding the Move-Button in /concrete/js/ccm.ui.js, line 68:
if (obj.canArrange) { var hideMove = ""; if(CCM_IS_SUPER_USER) { hideMoveButton = 'style="display: none;"'; } html += '<li ' + hideMoveButton + '><a class="ccm-icon" id="menuArrange' + obj.bID + '-' + obj.aID + '" href="javascript:ccm_arrangeInit()"><span style="background-image: url(' + CCM_IMAGE_PATH + '/icons/up_down.png)">' + ccmi18n.arrangeBlock + '</span></a></li>'; }
The Design button can be hidden in /concrete/tools/page_controls_menu_js.php, line 107.
menuHTML += '<li class="ccm-main-nav-edit-option" <?php if (!$c->isEditMode()) { ?> style="display: none" <?php } ?>><a href="javascript:void(0)" id="ccm-nav-design" <?=! $u->isSuperUser() ? 'style="display: none;"' : ''?>><?php echo t('Design')?></a></li>';
Has there been any official solution posted for or worked on concerning this problem? I had thought separating layout and design from basic text-based content entry was the basic function of a CMS, and C5 seems to be lacking it, at least in an easy to implement manner. Please tell me I am wrong?!
I've always wondered about this as well. I've just added changes to core files and placed them outside of the core to override them but when upgrading C5 it sometimes creates problems.
Is there a better way of doing this somewhere in the dashboard, page type defaults or even in the config file?
Is there a better way of doing this somewhere in the dashboard, page type defaults or even in the config file?
