Thanks, Richie, it's always reassuring to know one is on the right track when trying to add new bits to an unfamiliar system.
I am currently looking into doing it all in FreeMarker, rather than modifying the tag library. That way the functionality can be installed with the package tool which we are planning to use to move functionality between development, test and production. We are trying, as much as possible, to keep the amount of Java code we have to maintain to a minimum by running, when we can, with the modules in the standard EE release.

The FreeMarker code to do the detailed edit-permission control seems straightforward enough except for one bit: Is there an easy way to determine whether the user has a particular role from a FreeMarker template?

Thanks again,

Lee

--- On Tue, 2/15/11, Unger, Richard <[email protected]> wrote:

> From: Unger, Richard <[email protected]>
> Subject: AW: [magnolia-user] Access Control More Granular than the Page Level
> To: "Magnolia User-List" <[email protected]>
> Date: Tuesday, February 15, 2011, 3:48 AM
>
> Hi Lee!
>
> We did exactly what you are suggesting:
>
> We modified the templating-components (EditBar, NewBar) to
> allow a "roles" attribute. If present, the attribute causes
> the component to be hidden unless the user has one of the
> specified roles.
>
> We find this to work very well in our scenario.
> We have "Power-Editors" and "Normal Editors". The
> Power-Editors are specially trained, and can do things like
> change the page properties, and edit the navigation or
> emotion areas. Normal Editors can't see these EditBars,
> they're only for Power-Editors. The Normal Editors can edit
> the page content.
>
> This works very well for us. It's not "real security" in
> the sense of the ACLs, but we're not trying to keep out
> hackers, just to streamline the editing process.
>
> Regards from Vienna,
>
> Richie
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On behalf of Lee Haslup
> Sent: Tuesday, 15 February 2011 00:04
> To: [email protected]
> Subject: [magnolia-user] Access Control More Granular than the Page Level
>
> I need to be able to permit/deny users ability to edit some
> parts of pages but not others. My current idea is to
> modify the template(s) so that in addition to the [#if
> mgml.editMode] ... [/#if] control of the editing bars I
> would add an additional restriction based on the user's
> roles -- something akin to an isUserInRole() call to decide
> whether to render the editing controls for particular
> collections based on user roles.
>
> The intent here is to allow, say, a user role that, in
> effect, gives write access to the list of links on the page
> but doesn't allow editing of any other content. The
> user would, I expect, need write access to the page as far
> as the ACL is concerned but the template would prevent him
> from editing anything but his assigned part of the page.
>
> Has anyone done anything like this? Does it
> work? And, as always, is there a better way to
> approach this problem? Am I barking up the right
> tree?
>
> Thanks,
>
> Lee Haslup
>
> ----------------------------------------------------------------
> For list details see
> http://www.magnolia-cms.com/home/community/mailing-lists.html
> To unsubscribe, E-mail to: <[email protected]>
> ----------------------------------------------------------------
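
The distinction Richie draws in the thread above (role-gated edit bars are not "real security" in the sense of the ACLs) can be modeled as follows. This is an added example, not part of the thread and not Magnolia code; the users, role names, area names and handler functions are all constructed for illustration.

```python
# Constructed model of the setup discussed in the thread. None of these
# names are Magnolia APIs; they only mirror the roles and areas mentioned.
USERS = {
    "anna": {"editor", "power-editor"},   # a "Power-Editor"
    "bob": {"editor"},                    # a "Normal Editor"
}

# Page-level ACL: roles that hold write permission on the whole page.
PAGE_WRITE_ROLES = {"/home": {"editor", "power-editor"}}

# Per-area roles, playing the part of the "roles" attribute on an edit bar.
AREA_ROLES = {
    "pageProperties": {"power-editor"},
    "navigation": {"power-editor"},
    "content": {"editor", "power-editor"},
}


def visible_edit_bars(user):
    """Edit bars the template renders for this user in edit mode."""
    roles = USERS[user]
    return sorted(area for area, need in AREA_ROLES.items() if roles & need)


def save_acl_only(user, page, area, value, store):
    """Save handler that enforces only the page-level ACL.

    A hidden edit bar does not change what this handler accepts.
    """
    if not (USERS[user] & PAGE_WRITE_ROLES.get(page, set())):
        raise PermissionError(f"ACL denies write on {page}")
    store[(page, area)] = value
    return True


def save_with_area_check(user, page, area, value, store):
    """Same handler with the per-area roles also enforced on the server."""
    needed = AREA_ROLES.get(area)
    if needed is None or not (USERS[user] & needed):
        raise PermissionError(f"{user} may not edit area {area!r}")
    return save_acl_only(user, page, area, value, store)
```

In this model the Normal Editor sees only the content bar, yet the ACL-only handler still accepts a write to the navigation area, which is why the template approach streamlines editing without restricting what a user with page write access can change.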
