Hi Lee!
Yes, you should be able to do something like [#if
ctx.getUser().hasRole("therole")] ... [/#if] .
I understand your desire to minimize java-coding to make the moving of
functionality easier.
Also consider though that trying to do too much "Java-Like" logic in your
templates might lead to other problems. Freemarker is not that robust when it
comes to dealing with Java-Errors and Null values. It's easy to miss some
condition and get a "Stack Trace" in your page-output. However, something like
ctx.getUser().hasRole() should be safe enough...
Regards from Vienna,
Richard
-----Ursprüngliche Nachricht-----
Von: [email protected] [mailto:[email protected]]
Im Auftrag von Lee Haslup
Gesendet: Dienstag, 15. Februar 2011 23:51
An: Magnolia User-List
Betreff: Re: AW: [magnolia-user] Access Control More Granular than the Page
Level
Thanks, Richie, it's always reassuring to know one is one the right track when
trying to add new bits to an unfamiliar system.
I am currently looking into doing it all in FreeMarker, rather than modifying
the tag library. That way the functionality can be installed with the package
tool which we are planning to use to move functionality between development,
test and production. We are trying, as much as possible, to keep the amount of
Java code we have to maintain to a minimum by running, when we can, with the
modules in the standard EE release.
The FreeMarker code to do the detailed edit-permission control seems
straightforward enough except for one bit: Is there an easy way to determine
whether the user has a particular role from a FreeMarker template?
Thanks again,
Lee
--- On Tue, 2/15/11, Unger, Richard <[email protected]> wrote:
> From: Unger, Richard <[email protected]>
> Subject: AW: [magnolia-user] Access Control More Granular than the
> Page Level
> To: "Magnolia User-List" <[email protected]>
> Date: Tuesday, February 15, 2011, 3:48 AM
>
> Hi Lee!
>
> We did exactly what you are suggesting:
>
> We modified the templating-components (EditBar, NewBar) to allow a
> "roles" attribute. If present, the attribute causes the component to
> be hidden unless the user has one of the specified roles.
>
> We find this to work very well in our scenario.
> We have "Power-Editors" and "Normal Editors". The Power-Editors are
> specially trained, and can do things like change the page properties,
> and edit the navigation or emotion areas. Normal Editors can't see
> these EditBars, they're only for Power-Editors. The Normal Editors can
> edit the page content.
>
> This works very well for us. It's not "real security" in the sense of
> the ACLs, but we're not trying to keep out hackers, just to streamline
> the editing process.
>
> Regards from Vienna,
>
> Richie
>
>
> -----Ursprüngliche Nachricht-----
> Von: [email protected]
> [mailto:[email protected]]
> Im Auftrag von Lee Haslup
> Gesendet: Dienstag, 15. Februar 2011 00:04
> An: [email protected]
> Betreff: [magnolia-user] Access Control More Granular than the Page
> Level
>
>
> I need to be able to permit/deny users ability to edit some parts of
> pages but not others. My current idea is to modify the template(s) so
> that in addition to the [#if mgml.editMode] ... [/#if] control of the
> editing bars I would add an additional restriction based on the user's
> roles -- something akin to an isUserInRole() call to decide whether to
> render the editing controls for particular collections based on user
> roles.
>
> The intent here is to allow, say, a user role that, in effect, gives
> write access to the list of links on the page but doesn't allow
> editing of any other content. The user would, I expect, need write
> access to the page as far as the ACL is concerned but the template
> would prevent him from editing anything but his assigned part of the
> page.
>
> Has anyone done anything like this? Does it work? And, as always, is
> there a better way to approach this problem? Am I barking up the
> right tree?
>
> Thanks,
>
> Lee Haslup
>
>
>
>
>
> ----------------------------------------------------------------
> For list details see
> http://www.magnolia-cms.com/home/community/mailing-lists.html
> To unsubscribe, E-mail to: <[email protected]>
> ----------------------------------------------------------------
>
>
>
>
>
> ----------------------------------------------------------------
> For list details see
> http://www.magnolia-cms.com/home/community/mailing-lists.html
> To unsubscribe, E-mail to: <[email protected]>
> ----------------------------------------------------------------
>
>
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
