Hi all,

just to let you know, it's solved. Turned out we reached the
maxcontextsinquery limit which is set in mmbasecontexts.xml. Below a little
background, maybe it's useful/interesting to others.

We're using 'generic editors' so the only way to shield groups from other
groups' nodes is on read-rights. This is essential to us because we work with
multiple, independent organisations who are not interested in each other's
content.
Therefore we have the following scheme:

  1. Every nodetype has its own context/group;
  2. In typedef we gave every nodetype its own owner;
  3. There are 'template groups' which define the create/read rights on
  the nodetypes (based on their ownercontext). So for example there is a
  template group for 'basic user' and for 'supervisor'.
  4. Every organisation has its own contexts, which inherit rights
  from the template groups. This has some benefits: setting up an organisation
  is quite fast; changes to rights can be made global in the template groups.

Downside is that we have a multitude of contexts, right now about 200. This
number will grow in time because the organisations will be able to create
their own contexts.

Only question that remains is whether the maxcontextsinquery will be reached
any time soon again...





On 6/4/07, André van Toly <[EMAIL PROTECTED]> wrote:

Hi Bram,

On 1 Jun 2007, at 15:53, Bram Enning wrote:
> Basically our problems boil down to this:
> Some users may create (and edit, delete etc) certain node-types
> while other users may not.
> For example:
> Group A can create persons and places and may edit and delete nodes
> they created;
> Group B may not create persons and places, but only streets. They
> can however view persons and places created by Group A;
>
> How do you go about and implement this in MMBase?
>
> This is what we did:
> For every nodetype a context with group is created, so there is a
> persons, places and streets context;
> Then comes the, in my view, strange action: With the my-editors we
> set in typedef the respective owner at each nodetype. So nodetype
> Places gets as his owner a context Places, etc.
> Then we create a context and group A and B;
> Group A gets create, edit, write and delete in the context Persons
> and Places, Group B for Streets, and view rights for context A;
> Is there another way of controlling which nodetypes a group can
> create?

I think not. You grant a context to a certain group and when no other
group can access that context the original group is the only group
that can edit (or create) them.

I believe that when you use cloud context security, the only
(other) possible way to disable the creation and editing of certain
nodetypes by a certain group is when you shield them from that
group. So I think you need to create 'special' editors that display
only those nodetypes that a certain group may access.

---André


>
> thanks,
> Bram!
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.mmbase.org/mailman/listinfo/users

--
André van Toly
MMBase development & Userfriendly webdesign

W: http://www.toly.nl
M: +31(0)627233562
------------------------------------------------------------------
~~<<>>~~

