Share » Learn » eZ Publish » Adding custom security policy...

Adding custom security policy limitations to your modules

Tuesday 25 May 2010 7:44:59 am

  • Currently 5 out of 5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5


Here is a quick recap of each step :

  1. Define a module function and affect it to one of the module views
  2. Define a callback method in order to fetch available limitations for the function
  3. Check user access in your module view with eZ JS Core
  4. Fetch available limitations for current user with a helper static method
  5. Control user access for tabs display in admin interface

As an example, we could consider NovenINIUpdate extension (environment switch for INI settings). It has indeed a GUI in the admin interface. At the time of writing, every user that has access to the main module of this extension can switch to every declared environment (ie. dev, staging, production). We could add a limitation on the environment, allowing many users to only switch from/to dev and staging environment. Production switch would be given only to admin users.

In short, building custom limitations for security policies attached to custom modules in eZ Publish is not a piece of cake. Personally, it took me several days of patience, deeply digging into the kernel to understand those mechanisms I just exposed to you, so you do not need to search for hours yourself :)

However, despite the real complexity, this mechanism allows very fine grain granularity in user access control. It is also unique and native in eZ Publish for a long time now.To be widely used, it would need to be simplified within the kernel, as it has been done thanks to eZJSCore and the helper method we used in this tutorial.

I particularly would like to thank Nicolas Pastorino, Damien Pobel and Andrè Rømcke who helped me during my research :-).


This tutorial is an english translation of my original post on my blog, (french) :

Useful Articles and documentation :

This article is available in PDF for offline reading : Jerome Vieilledent - Adding custom security policy limitations to your modules - eZ Publish Community

About the author : Jérôme Vieilledent

Jérôme Vieilledent

Jérôme Vieilledent

Jérôme is a completely self-educated web developer. He learnt PHP all by himself and started developing with eZ Publish in 2007. He works now as a technical manager and expert at SQLi Agency in Paris.


Creative Commons - Share Alike

Creative Commons - Share Alike

This work is licensed under the Creative Commons – Share Alike license ( ).

36 542 Users on board!

Tutorial menu


Printer Friendly version of the full article on one page with plain styles