The Official PostNuke Installation & Getting Started Guide: Revision 9939 / Preview | ||
---|---|---|
Prev | Chapter 17. Groups & Permissions | Next |
After looking around I noticed a lot of you are trying to do what I have done... Create a sub-administrator for certain parts of the site by creating a Sub-Admin group. Below is some information that may assist in configuring your permissions.
For example, assume that you have a group of people you wish to place into a sub-administrator group. Here is a step-by-step example of creating this group and giving them permission to approve stories (articles) for the site.
Go to the Administration menu and click "Groups".
Create a Group with a descriptive name (for example, "subadmins").
Add the users that you want in the "subadmin" Group (examples: John Doe, Jane Doe).
Now that you have created the Group, you must grant the Group permission to do what you want them to do. In this example, we wish to allow them to be able to approve an Article for the site:
Go to Administration -> Permissions.
Click "New Group Permissions" to create a new set of permissions.
Select the "subadmins" group.
Under "Component", type "Stories::".
Under "Instance", type ".*".
Under "Permission Level", select "Admin" from the drop-down list.
Click on "New Permission" to save your changes.
Graphically this is:
Function Setting Notes
-----------------------------------------
Group subadmins Setting the permissions for Group subadmins
Component Stories:: Using the Stories Module
Instance .* The permission level applies to everything in this
component
Permission Admin Highest level of access
Remember this is going to give anyone in your Subadmins Group TOTAL control over the Stories module.
Most of you have the first permission set as ADMIN ADMIN. Move this newly-created group directly below Admins to ensure that another permission does not override it.
For example:
Group Component Instance Permissions Level
----------------------------------------------------
subadmins Stories:: .* Admin
Users .* .* Read
...would allow subadmins group Admin permissions since those members in subadmins are also in the group Users, but the subadmins permission is above the Users permission.
Group Component Instance Permissions Level
----------------------------------------------------
Users .* .* Read
subadmins Stories:: .* Admin
...this, however, would be useless since the permissions were already defined as Comment level for the Users before they were defined as Admin for subadmins. Everyone in Users and subadmins would have the same access.
Let's say I have a link to a feature called ANDROMEDA and I don't want a user called "JoeSmith" to see it. I will select "JoeSmith" as the User and remove that user's ability to view it. To every other user the menu would look like this:
Home
Your Account
ANDROMEDA
News
...however, by adding the following to the permissions system...
User JoeSmith
Component Menublock::
Instance Main Menu:ANDROMEDA:
Permission None
...that user's menu now looks like this:
Home
Your Account
News
To make it so that a member of group 'Users' can no longer submit news yet another group, 'Submitters' (where Users are added to this group at the discretion of the admin) can Submit News.
Let's break this issue down. There are four steps to this situation.
Change USERS group to DISALLOW users in this group to Submit News.
Change SUBMITTERS group to ALLOW users in this group to Submit News.
Add user(s) to the new SUBMITTERS group.
Get the ORDER of the permissions correct.
Now that we understand the steps, it is rather straightforward to implement what you want.
1. Assuming that we have the following permissions structure set up:
Sequence Group Component Instance Permissions
level
================================================================================
=
Admins Menublock:: Administration::*. Admin
Admins .* .* Admin
All groups Menublock:: Administration::*. None
Users .* .* Comment
Unregistered Menublock:: Main Menu:(Andromeda|Logout None
|Forums|Games|Submit News
|Members List|Messages):
Unregistered Polls:: .* Comment
Unregistered .* .* Read
...we can DISALLOW Submit News by adding the following line (marked with "=-=-=-" above and below the added line):
Sequence Group Component Instance Permissions
level
================================================================================
=
Admins Menublock:: Administration::*. Admin
Admins .* .* Admin
All groups Menublock:: Administration::*. None
=-=-=-
Users Menublock:: Main Menu:(Submit News): None # THIS IS
THE ADDED LINE!
=-=-=-
Users .* .* Comment
Unregistered Menublock:: Main Menu:(Andromeda|Logout None
|Forums|Games|Submit News
|Members List|Messages):
Unregistered Polls:: .* Comment
Unregistered .* .* Read
The added line sets to "None" the ability for the Users group to see the Main Menu item "Submit News". If your main menu is called something other than "Main Menu", or your submit news link is called something other than "Submit News", change the instance text.
2. We create a Group called "Submitters". Go to Administration -> Groups -> Add New Group. Type the name of the new group (I used "Submitters") and click the "New Group" button.
3. When the Groups page re-appears, click the name of the new group ("Submitters"), then click "Add a user to group" to add user(s) to this new Group.
4. Finally, go back to Administration->Permissions for step four which pulls it all together. Add line that is marked with "=-=-=-" above and below.
Sequence Group Component Instance Permissions
level
================================================================================
=
Admins Menublock:: Administration::*. Admin
Admins .* .* Admin
All groups Menublock:: Administration::*. None
=-=-=-
Submitters .* .* Comment # THIS
IS THE ADDED LINE!
=-=-=-
Users Menublock:: Main Menu:(Submit News): None
Users .* .* Comment
Unregistered Menublock:: Main Menu:(Andromeda|Logout None
|Forums|Games|Submit News
|Members List|Messages):
Unregistered Polls:: .* Comment
Unregistered .* .* Read
The added line gives specific permission to anyone in group "Submitters" to be able to use the Submit News function.
----------------------------------------------------------------------------
Let user called "James" see the "Administration" link. Add a User permission
for the specific user:
User/Group James
Component Menublock::
Instance Main Menu:Administration:
Permission Read
If you renamed the "Administration" link to "Control", you would have to change
the permission to:
User/Group James
Component Menublock::
Instance Main Menu:Control:
Permission Read
----------------------------------------------------------------------------
If you would like to make certain Articles available only to specified groups,
you may do so by grouping the Articles under a specific category and declaring
the permission as follows:
User/Group Unregistered
Component Stories::
Instance :<Category Name>:
Permission None
...where "<Category Name>" is the name of the Category where the Articles were
grouped.
----------------------------------------------------------------------------
Adding Downloads Permissions to filter unregistered access.
Here are the complete steps to do this :
* Locate the line 80 from modules/Downloads/lang/eng/global.php file.
* Change the define to the following:
define('_DOWNLOADSACCESSNOAUTH', 'You must be a registered member to access
downloads');
* Go to Permissions Administration then Add a new group permissions as shown
below:
Groups: Unregistered
Component: Downloads::
Instance: .*
Permissions Level: None
* Place the permission hierarchically just BEFORE default unregistered
permission as shown below:
Group: Unregistered
Component: .*
Instance: .*
Permission level: Read
----------------------------------------------------------------------------
Restrict Articles submitted by a specified author ("uid 2" in this case) from
being seen by Anonymous users:
User/Group Unregistered
Component Stories::
Instance 2::
Permission None
----------------------------------------------------------------------------
Restrict a specific article ("sid 50" in this case) from being read by a
specific user ("Paul" in this case):
User/Group Paul
Component Stories::
Instance ::50
Permission None
(interesting uses!)
----------------------------------------------------------------------------
To allow Anonymous users to vote in Polls:
User/Group Unregistered
Component Polls::
Instance .*
Permission Comment
----------------------------------------------------------------------------
Member from group "users" can add stories (this will add a link to Add Stories
in the menu of group "users"):
User/Group users
Component Stories::
Instance .*
Permission Add
----------------------------------------------------------------------------
Create a section available to certain members only. In this example, we first
created a group named "Paid Members" before doing the following:
Group: Paid Users
Component: Sections::Section
Instance: .*::1 (1 is the section ID)
Permissions level: Read
Group: All Groups
Component: Sections::Section
Instance: .*::1 (1 is the section ID)
Permissions Level: None
Make sure that the first definition is above the second one and you've got a
section for paid members only.
----------------------------------------------------------------------------
Members from group "users" can add Polls (this will add a link to Add Polls in
the menu of group "users"):
User/Group users
Component Polls::
Instance .*
Permission Add
-----------------------------------------------------------------------------