Adding custom security policy limitations to your modules

Conclusion

Here is a quick recap of each step :

1. Define a module function and affect it to one of the module views
2. Define a callback method in order to fetch available limitations for the function
3. Check user access in your module view with eZ JS Core
4. Fetch available limitations for current user with a helper static method
5. Control user access for tabs display in admin interface

As an example, we could consider NovenINIUpdate extension (environment switch for INI settings). It has indeed a GUI in the admin interface. At the time of writing, every user that has access to the main module of this extension can switch to every declared environment (ie. dev, staging, production). We could add a limitation on the environment, allowing many users to only switch from/to dev and staging environment. Production switch would be given only to admin users.

In short, building custom limitations for security policies attached to custom modules in eZ Publish is not a piece of cake. Personally, it took me several days of patience, deeply digging into the kernel to understand those mechanisms I just exposed to you, so you do not need to search for hours yourself :)

However, despite the real complexity, this mechanism allows very fine grain granularity in user access control. It is also unique and native in eZ Publish for a long time now.To be widely used, it would need to be simplified within the kernel, as it has been done thanks to eZJSCore and the helper method we used in this tutorial.

I particularly would like to thank Nicolas Pastorino, Damien Pobel and Andrè Rømcke who helped me during my research :-).

Resources

This tutorial is an english translation of my original post on my blog, Lolart.net (french) : http://www.lolart.net/blog/ez-publish/des-limitations-pour-vos-politiques-de-securite

Useful Articles and documentation :

• An introduction to developing eZ Publish extensions : http://share.ez.no/articles/ez-publish/an-introduction-to-developing-ez-publish-extensions
• Old tutorial about module development : http://ez.no/ezpublish/documentation/development/extensions/building_an_ez_publish_module
• eZ JS Core article : http://share.ez.no/articles/ez-publish/ezjscore-ez-publish-javascript-and-ajax-framework
• Noven INI Update : http://projects.ez.no/noveniniupdate
• Online documentation about Access Control management in eZ Publish :
  http://ez.no/doc/ez_publish/technical_manual/4_x/concepts_and_basics/access_control

This article is available in PDF for offline reading : Jerome Vieilledent - Adding custom security policy limitations to your modules - eZ Publish Community

About the author : Jérôme Vieilledent

Jérôme is a completely self-educated web developer. He learnt PHP all by himself and started developing with eZ Publish in 2007. He works now as a technical manager and expert at SQLi Agency in Paris.

License

This work is licensed under the Creative Commons – Share Alike license ( http://creativecommons.org/licenses/by-sa/3.0 ).