4.3 Roles and Policies: How to restrict object editing to only "Content" attributes?
Thiago Campos Viana
Monday 26 April 2010 7:19:12 am
Could someone help me with content attribute grouping in Exponential 4.3?
Is it possible to disable meta attributes editing for a group of users?
eZ Publish Certified Developer: http://auth.ez.no/certification/verify/376924 Twitter: http://twitter.com/tcv_br
tom stovall
Monday 26 April 2010 12:28:26 pm
Well, not saying this is the way to do it, but what I would do is edit the associated role and add a policy that only allows the user read access to any user objects where they are the owner, e.g. their user object.
I think, however, that will disable their ability to change their own password.
You could also change the user/edit template so they can only change what you want them to change...???
-tom
Monday 26 April 2010 4:39:10 pm
... but what I would do is edit the associated role and add a policy that only allows the user read access to any user objects where they are the owner, e.g. their user object....
...
I would block some attributes of the user's own object, like hit counter, rating, and others... so, even if he is the owner of the object, I wouldn't allow him to edit all the fields. If I modify the edit template it is not secure because the user could use Firebug and add/modify fields... I had this problem some time ago: the user edited some hidden fields with Firebug, then he used Firebug to create the fields I removed from the editing template and I got some problems. The best solution would be to control the user's allowed editing attributes to some groups.
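The post above notes that removing fields from the edit template does not stop a user from submitting them, so the decision has to be made on the server. An added illustration, not part of the thread and not eZ Publish code: plain PHP with hypothetical names (`ATTRIBUTE_CATEGORY`, `ROLE_EDITABLE_CATEGORIES`, `filterSubmittedAttributes`) and constructed data, filtering a submitted form against the attribute categories a role may edit.

```php
<?php
// Added example. All names and data are hypothetical and constructed;
// none of this is eZ Publish API.

// Constructed class definition: attribute identifier => attribute category.
const ATTRIBUTE_CATEGORY = [
    'first_name'  => 'content',
    'last_name'   => 'content',
    'signature'   => 'content',
    'hit_counter' => 'meta',
    'rating'      => 'meta',
];

// Constructed policy: role => attribute categories that role may write.
const ROLE_EDITABLE_CATEGORIES = [
    'member' => ['content'],
    'editor' => ['content', 'meta'],
];

/**
 * Split submitted fields into those the role may write and those it may not.
 * Default deny: unknown roles and unknown attribute identifiers are rejected,
 * so a field injected into the form never reaches storage.
 */
function filterSubmittedAttributes(string $role, array $submitted): array
{
    $allowedCategories = ROLE_EDITABLE_CATEGORIES[$role] ?? [];
    $accepted = [];
    $rejected = [];
    foreach ($submitted as $identifier => $value) {
        $category = ATTRIBUTE_CATEGORY[$identifier] ?? null;
        if ($category !== null && in_array($category, $allowedCategories, true)) {
            $accepted[$identifier] = $value;
        } else {
            $rejected[] = $identifier; // candidate for an audit log entry
        }
    }
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

// Constructed request body: the template only rendered "signature", but the
// submission also carries a meta attribute and a field that does not exist.
$post = ['signature' => 'Hello', 'rating' => '5', 'is_admin' => '1'];

$result = filterSubmittedAttributes('member', $post);
if ($result['rejected'] !== []) {
    error_log('Rejected attribute write(s): ' . implode(', ', $result['rejected']));
}
print_r($result['accepted']); // only "signature" is kept for the "member" role
```

Logging the rejected identifiers, rather than silently dropping them, gives a trace of form tampering like the incident described in the post.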
Jérôme Vieilledent
Tuesday 27 April 2010 12:01:10 am
Hi Thiago
Unfortunately, it is not (yet) possible to apply security policies at the attribute level. A hack does exist, but maybe you should wait a little as this feature has been awaited for a long time and is claimed for Fuji next release (see feature requests and ideas).
Norman Leutner
Tuesday 27 April 2010 12:50:21 am
Currently policies at attribute level are not on the roadmap for the upcoming releases!
see: http://ez.no/Exponential/roadmap
Best regards, Norman Leutner
eZ Publish Platinum Partner - http://www.all2e.com http://ez.no/partners/worldwide_partners/all2e_gmbh
André R.
Tuesday 27 April 2010 5:57:04 am
Correct, it is not on the roadmap. Might make more sense to do it per attribute category, but then the storage of it should improve some...
eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription @: http://twitter.com/andrerom
Tuesday 27 April 2010 7:12:28 am
ok, thank you all!
I'm looking forward to this feature.
Tuesday 27 April 2010 8:05:59 am
This approach may be interesting :)
Tuesday 27 April 2010 11:07:39 am
Could someone please tell me how to do that?