|
Tuesday 02 March 2004 6:41:22 pm
Hi Brendan I agree with Bård, it sure is a tricky one. I've been giving this a bit of thought as I have a similar problem with complex permissions in an extranet system I am trying to build. As Bard has pointed out I'm not sure that it would be practicable to use the (current) permissions/roles system to achieve what you want. I think the only way to do this with the current version of eZ Publish is to use a combination of permissions and template logic to achieve what is required Deep breath....Here goes..... Create 3 content types, CEO, Manager, Worker under the Class Groups -> Users folder. Copy the default user class and rename appropriately and add any extra attributes required. You will also have a Company content type. Create 3 User groups: CEOs, Managers, Workers Create 3 Roles: one you each of the new user types - CEO , Manager, Worker.
You then have the "generic" rules for each role
Role: CEO content read class (Company, CEO, Manager, Worker), any section
Role: Manager content read class (Company, Manager, Worker), any section
Role: Worker content read class (Company, Worker), any section Assign these roles to the corresponding user groups. Add a company, create a section for this company, and assign the section to the newly created company Add a CEO to the company. You will also need to add the CEO to the CEOs user groups. Now I'm not sure if this will work (and it is pretty important that it does). Will the role that is assigned to the CEOs user group be applied to the CEO user as the node in the user group will not be the main node? You can make this an easier process by customising the edit template for the CEO content class (also do this for worker and manager content classes) to automatically place the node in the correct user group (See the edit_placement.tpl for an example of this). The new CEO user will be assigned the section ID of the parent company. Add Managers under the CEO and Workers under the Managers, making sure that they also get placed in their correct user group (these objects also get the same section ID as the company).
So now you need to have custom templates for each of the user content types
All - only display if the current user is of the same section as the current node (limits to a per company
CEO - nothing extra - only one CEO per company (thank god)
Manager - only display if current user is a CEO or has the same node ID as the current user
Worker - only display if current user is a Manager or has the same node ID as the current user. It doesn't appear that you can fetch content and limit it to a specific section so you will have to do this "manually" when looping through the results. By enforcing this limitation in the template logic you will save you having to create a 3 roles per Company. Also I'm assuming that Workers, Managers and CEOs will not be creating their own objects so they will not "own" their own object. So by having the template logic take care of having to assign self ownership to the worker objects. Disclaimer: This "solution" has not been attempted and may not work. At the moment it is purely entirely a figment of my imagination. I'd be interested in any feedback as to potential issues, logic problems etc.
Cheers
Bruce
My Blog: http://www.stuffandcontent.com/
Follow me on twitter: http://twitter.com/brucemorrison
Consolidated eZ Publish Feed : http://friendfeed.com/rooms/ez-publish
|
