How to restrict/redirect certain object views ?

Wednesday 03 September 2008 3:17:16 am - 3 replies

3 replies

Author	Message
Gabriel Finkelstein	Thursday 04 September 2008 3:29:45 pm You can always do: {if [has_access]} [content] {else} You're not allowed bla bla bla. {/if} In [has_access] you check if the user has a certain role. It's not nice, but it works.
Maxime Thomas	Thursday 04 December 2008 10:00:41 pm Hi, You can also set some restriction on policy like only editors can read articles. To make articles appear in the result of a fetch for exemple, you just have to add the limitation parameter with an empty array : http://ez.no/doc/ez_publish/technical_manual/4_0/reference/modules/content/fetch_functions/list By this you don't have to put a message. Max Maxime Thomas maxime.thomas@wascou.org \| www.wascou.org \| http://twitter.com/wascou Company Blog : http://www.wascou.org/eng/Company/Blog Technical Blog : http://share.ez.no/blogs/maxime-thomas
André R.	Friday 05 December 2008 12:37:44 am By this you don't have to put a message. And you don't have to implement access rules in templates witch are ugly and insecure by design. For instance: If one of your readers knows a few things about eZ Publish he can try to guess for other views you might have beside full and line, he needs to know the node id as well but not something that is to hard in a default ez install. It's even worse if templates decide on edit/delete access.. eZ Online Editor 5: http://projects.ez.no/ezoe \|\| eZJSCore (Ajax): http://projects.ez.no/ezjscore \|\| eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription @: http://twitter.com/andrerom

Author

Message

Thursday 04 September 2008 3:29:45 pm

You can always do:

{if [has_access]}
[content]
{else}
You're not allowed bla bla bla.
{/if}

In [has_access] you check if the user has a certain role.
It's not nice, but it works.

Maxime Thomas

Thursday 04 December 2008 10:00:41 pm

Hi,

You can also set some restriction on policy like only editors can read articles.
To make articles appear in the result of a fetch for exemple, you just have to add the limitation parameter with an empty array :

http://ez.no/doc/ez_publish/technical_manual/4_0/reference/modules/content/fetch_functions/list

By this you don't have to put a message.

Max

Maxime Thomas
maxime.thomas@wascou.org | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

André R.

Friday 05 December 2008 12:37:44 am

By this you don't have to put a message.

And you don't have to implement access rules in templates witch are ugly and insecure by design.
For instance: If one of your readers knows a few things about eZ Publish he can try to guess for other views you might have beside full and line, he needs to know the node id as well but not something that is to hard in a default ez install. It's even worse if templates decide on edit/delete access..

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

You must be logged in to post messages in this topic!