Question on permissions

Discussion in 'Third Party Packages' started by wazza, Dec 4, 2014.

  1. wazza

    wazza Member

    Hi Guys,
    I have added two new usergroups, Customers and Employees, with ids 998 and 999.
    I have been playing with permissions as follows.

    Code (Text):
    <!-- Objects For Customers -->
            <object type="group" type_id="998" object_id="wages" access="0" action="read">pages</object>
            <object type="group" type_id="998" object_id="timesheets" access="0" action="read">pages</object>
            <object type="group" type_id="998" object_id="invoices" access="1" action="read">pages</object>
            <object type="group" type_id="998" object_id="quotations" access="1" action="read">pages</object>
            <object type="group" type_id="998" object_id="credits" access="1" action="read">pages</object>
    <!-- Objects For Employees -->
            <object type="group" type_id="999" object_id="wages" access="1" action="read">pages</object>
            <object type="group" type_id="999" object_id="timesheets" access="1" action="read">pages</object>
            <object type="group" type_id="999" object_id="invoices" access="0" action="read">pages</object>
            <object type="group" type_id="999" object_id="quotations" access="0" action="read">pages</object>
            <object type="group" type_id="999" object_id="credits" access="0" action="read">pages</object>

    <!-- Disable for administrators as no need to show these-->
         <object type="group" type_id="1" object_id="wages" access="0" action="read">pages</object>
         <object type="group" type_id="1" object_id="timesheets" access="0" action="read">pages</object>
         <object type="group" type_id="1" object_id="invoices" access="0" action="read">pages</object>
         <object type="group" type_id="1" object_id="quotations" access="0" action="read">pages</object>
         <object type="group" type_id="1" object_id="credits" access="0" action="read">pages</object>
     
    Now this all works fine, but I wonder if there is a quicker way (not so many lines to add) of denying access to
    Guests, Registered Users, Administrators etc. It seems I cannot disable access for administrators?

    Here is the pages section

    Code (Text):
    <!-- Profile Page For Customers-->
            <page url="profile/invoices/" name="invoices" readonly="1" menus="account" filename="invoices">My Invoices</page>
            <page url="profile/quotations/" name="quotations" readonly="1" menus="account" filename="quotations">My Quotations</page>
            <page url="profile/credits/" name="credits" readonly="1" menus="account" filename="credits">My Credits</page>
    <!-- Profile Page For Employees-->
            <page url="profile/timesheets/" name="timesheets" readonly="1" menus="account" filename="timesheets">My Time Sheets</page>
            <page url="profile/wages/" name="wages" readonly="1" menus="account" filename="wages">My Wages</page>
    I'm thinking there is a better way?

    Regards,
    Quentin
    Last edited: Dec 4, 2014
  2. Janur_J.

    Janur_J. Staff Member

    Hello Quentin,

    You wrote an invalid scheme to add permissions OBJECT entries. The instructions you mentioned would be valid if the tag was PERMISSION, not OBJECT. The syntax for OBJECT is different. For example, there is no need to specify the TYPE_ID for an object, it's invalid.

    Can you please explain in detail what you want to restrict?
  3. Janur_J.

    Janur_J. Staff Member

    It is impossible to deny access to a member of the Administrator group.
  4. wazza

    wazza Member

    Hi Janur,

    All I want to do is NOT show those options in the FRONTEND when an administrator is logged in. It is fine for customers and employees when logged in. But there is no need for admin to see this info.

    So basically I only want pages accessible for each type of usergroup.
    If that makes sense?

    Regards,
    Quentin
  5. wazza

    wazza Member

  6. Vasily_B.

    Vasily_B. Project Manager

    Yep, that's what I also asked Janur to do a couple of days ago. We need to update our manual for the new correct way to configure privileges via install.xml. This will be done soon.
  7. wazza

    wazza Member

    OK, thanks for the heads up, Vasily.
  8. Janur_J.

    Janur_J. Staff Member

    The appropriate section in Package Structure page is updated.
    In short, you first set the default access via the OBJECT tag and then set access for a particular user or usergroup.

    Your case should look as follows:
    Code (Text):

    <!-- Objects For Customers -->
    <permission type_id="998">wages</permission>
    <permission type_id="998">timesheets</permission>
    <permission type_id="998" access="1">invoices</permission>
    <permission type_id="998" access="1">quotations</permission>
    <permission type_id="998" access="1">credits</permission>
    <!-- Objects For Employees -->
    <permission type_id="999" access="1">wages</permission>
    <permission type_id="999" access="1">timesheets</permission>
    <permission type_id="999">invoices</permission>
    <permission type_id="999">quotations</permission>
    <permission type_id="999">credits</permission>
    <!-- Disable for administrators as no need to show these-->
    <!-- Impossible to deny access for administrators -->
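
The permission entries in the post above can be checked mechanically before a package is installed. This is an added example, not part of the thread or the project's own code: a Python audit that builds the per-group access matrix, flags deny entries on the administrators group (which the thread says have no effect), and lists objects readable by two groups at once. It assumes a missing `access` attribute means deny, that group id 1 is administrators as in the first post, and a hypothetical `<permissions>` wrapper element.

```python
import xml.etree.ElementTree as ET

ADMIN_GROUP = "1"  # administrators' group id as used in the thread

# Constructed sample: the entries from the post above plus one admin deny,
# wrapped in a hypothetical <permissions> root so it parses stand-alone.
SAMPLE = """<permissions>
  <permission type_id="998">wages</permission>
  <permission type_id="998">timesheets</permission>
  <permission type_id="998" access="1">invoices</permission>
  <permission type_id="998" access="1">quotations</permission>
  <permission type_id="998" access="1">credits</permission>
  <permission type_id="999" access="1">wages</permission>
  <permission type_id="999" access="1">timesheets</permission>
  <permission type_id="999">invoices</permission>
  <permission type_id="999">quotations</permission>
  <permission type_id="999">credits</permission>
  <permission type_id="1">wages</permission>
</permissions>"""


def audit(xml_text, admin_group=ADMIN_GROUP):
    """Return (matrix, warnings); matrix[group][object] is True when readable."""
    matrix, warnings = {}, []
    for el in ET.fromstring(xml_text).iter("permission"):
        group, obj = el.get("type_id"), (el.text or "").strip()
        if not group or not obj:
            warnings.append("entry without type_id or object name skipped")
            continue
        # Assumption: a missing access attribute means deny (access="0").
        allowed = el.get("access", "0") == "1"
        if group == admin_group and not allowed:
            warnings.append(f"group {group}: deny on '{obj}' has no effect")
            allowed = True  # administrators cannot be denied, per the thread
        objects = matrix.setdefault(group, {})
        if objects.get(obj, allowed) != allowed:
            warnings.append(f"group {group}: conflicting entries for '{obj}'")
        objects[obj] = allowed
    return matrix, warnings


def shared_objects(matrix, group_a, group_b):
    """Objects both groups can read; empty when the groups are fully separated."""
    a, b = matrix.get(group_a, {}), matrix.get(group_b, {})
    return sorted(o for o in a if a[o] and b.get(o, False))


if __name__ == "__main__":
    matrix, warnings = audit(SAMPLE)
    print(matrix, warnings, shared_objects(matrix, "998", "999"))
```
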
  9. wazza

    wazza Member

    OK, thanks Janur,

    I'll check out the package structure changes.

    So I do need to specify permissions per user group? Any chance you guys would consider adding this as a comma-separated option?
    For example type_id="998,999" to save on space in the install.xml file.

    I don't actually want to deny access to administrators. Just disable (if possible) when admin is logged into the front end. As basically there is no need for them to see those [pages]. (Unless there is another way to do it?) I thought adding to the profile block would be best. If I created an additional block, that may be better?
  10. wazza

    wazza Member

    Hey Janur,

    Thanks for updating that!

    Slightly confusing at the moment, but I'm sure I'll work it out!

    Thanks again.
    Quentin
  11. wazza

    wazza Member

    OK, that works a lot better :D

    Thanks again
