Hi Lee! We did exactly what you are suggesting:
We modified the templating-components (EditBar, NewBar) to allow a "roles" attribute. If present, the attribute causes the component to be hidden unless the user has one of the specified roles. We find this to work very well in our scenario. We have "Power-Editors" and "Normal Editors". The Power-Editors are specially trained, and can do things like change the page properties, and edit the navigation or emotion areas. Normal Editors can't see these EditBars, they're only for Power-Editors. The Normal Editors can edit the page content. This works very well for us. It's not "real security" in the sense of the ACLs, but we're not trying to keep out hackers, just to streamline the editing process. Regards from Vienna, Richie -----Ursprüngliche Nachricht----- Von: [email protected] [mailto:[email protected]] Im Auftrag von Lee Haslup Gesendet: Dienstag, 15. Februar 2011 00:04 An: [email protected] Betreff: [magnolia-user] Access Control More Granular than the Page Level I need to be able to permit/deny users ability to edit some parts of pages but not others. My current idea is to modify the template(s) so that in addition to the [#if mgml.editMode] ... [/#if] control of the editing bars I would add an additional restriction based on the user's roles -- something akin to an isUserInRole() call to decide whether to render the editing controls for particular collections based on user roles. The intent here is to allow, say, a user role that, in effect, gives write access to the list of links on the page but doesn't allow editing of any other content. The user would, I expect, need write access to the page as far as the ACL is concerned but the template would prevent him from editing anything but his assigned part of the page. Has anyone done anything like this? Does it work? And, as always, is there a better way to approach this problem? Am I barking up the right tree? Thanks, Lee Haslup ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <[email protected]> ---------------------------------------------------------------- ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <[email protected]> ----------------------------------------------------------------
