Interesting requirement you have here. I first thought that you could introduce custom save handlers in the dialogs (where the editors set the permission flags) to modify the ACLs correspondingly. But that will most likely turn into a nightmare and if Magnolia has too many and too complicated ACLs performance will suffer a bit as well. So I think extending AccessManager.isGranted() is your best bet (never done this myself though).
-will On 25.03.2014, at 16:42, "Matteo Pelucco (via Magnolia Forums)" <[email protected]> wrote: > Hello guys, > I have this need (simplified here..) > > I have 3 public user types: > - normal user(level1) > - enhanced user (level2) > - power user (level3) > > and 3 public user geographical areas: > - europe > - america > - asia > > Magnolia editors can "tag" each content to be visible for: > - everybody (no tag) > - one of the 9 combination of user attributes (type and geography) > > So, for instance, I have: > A) /home/news/news01.html --> everybody > B) /home/news/news02.html --> visible only to [enhanced user] AND [europe] > C) /home/news/news03.html --> visible only to [power user] AND [europe,asia] > > Assuming to already have the logic to check if a content (a page) can be seen > by a logged user, cross matching the attributes, I need to plug this rule > WIDE in Magnolia. > > What can I override to make it be transparent to STK components (I think a > news teaser, for instance: if the logged user is a european power user, the > news list will be composed only by news A+C, if a standard user only by news > A...) > > Option 1: AccessManager? > Option 2: ContentSecurity or UriSecurity (not a good idea, since I can > prevent a protected content to be accessible by a request, but not a > protected content to be displayed by another, allowed, content (e.g.: a > teaser, a link..) > Option 3: STKTemplatingFunctions + QueryManager + STK models (check one by > one)? > > Many, many thanks for your help here.. > M. > > NB1: I know that Magnolia 3 will be out with p13n. But this is more simple: > check if a content can be visible by a user, with 1 or 2 attributes to check.. > NB2: Structuring the content and use the standard Magnolia ACLs is not an > option (unfortunately..) > > -- > Context is everything: > http://forum.magnolia-cms.com/forum/thread.html?threadId=0f30a282-75c7-42ed-a73c-9379248d173b > > > ---------------------------------------------------------------- > For list details, see http://www.magnolia-cms.com/community/mailing-lists.html > Alternatively, use our forums: http://forum.magnolia-cms.com/ > To unsubscribe, E-mail to: <[email protected]> > ---------------------------------------------------------------- > ---------------------------------------------------------------- For list details, see http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to: <[email protected]> ----------------------------------------------------------------
