Best Way to Implement Basic Content Manager Permissions - 2sxc

We've added a role to DNN named, "Content Manager." Almost all the site's content is in 2sxc Content app stuff; Basic Content, Links, Locations, etc. What is the most efficient way to get DNN and 2sxc setup so that these users can only Edit the content. Not change the template (View) or get in to DNN's module or page settings or anything else. Most of our efforts so far either involve a lot of setup work and module permission changes - or - if we stick close to the defaults, we give these users too many options when logged in. Basically we want them to only see the blue circle edit pencil button and nothing else.

So I found this by accident, but it seems to work! Perhaps #iJungleBoy has some additional feedback.
Get the RoleID from the database for the role you created for Content Editors. Then, in your 2SXC app, go to the apps Administration page, click App in the top toolbar, click the icon next to App Permissions, add a new permission with the ID of the role in the Identity field, leave the condition unset, and choose from the Grant options that meets your need. The entry for "Edit (Create, Read, Update, Delete)" may be what you are looking for.
If that doesn't work, you may need to manage the App Permissions for all 2sxc apps. You can follow this link for background on it. Basically you need to put the page in Edit mode and then on the gear icon select Apps Management. On that screen, click the Features button on the toolbar. Click Manage Features, and then enable the one entitled "Permission by Group / Role".
For more background on permissions, check here.
Hope that helps get you on a good path.

Related

Hide Page Navigator in App Maker

Any way to hide the Page Navigator that appears on the top of every App Maker produced page? When you create your own custom menu system that navigates the site then there is no longer a need for the page navigator. Also, the naming convention on the pages are not exactly user friendly (not allowing spaces for example) so that makes the page navigator look more like a developer tool than an end-user one. And last but not least, the page navigator is redundant if you only have one page in your app.
You can show/hide page chooser by setting ?console= URL parameter to 1 or 0 correspondingly.
But as Morfinismo noticed, most likely you are looking for creating a deployment which you can share with your end users, configure permissions, etc., since only you can access your Preview deployment.

Tridion Structure Group Localization Permission Issue

I am using SDL Tridion 2011 and need to take the permissions off from the user to localize a structure group so that he does not make any changes in the name of the structure group by localizing it. However, even after removing the rights and permissions and making the structure group ‘read only’, the user is still able to localize the structure group by right clicking on it and going to properties. Please help if there's any resolution for it.
Also, is there any way we can restrict the user from unpublising or updating a page?
Permissions on a structure group control what you can do to the things it contains. Remove the localize permission in the parent structure group instead.
To prevent unpublishing you can do any of the following:
Remove the Read permission.
Go to the Security tab in the properties of the relevant publication, and remove the right to Publish to Content Distributor
Go to the Security tab of the relevant Target Type, and remove the Use Target Type permission
To prevent them updating a page, remove the Write permission, although be aware that editing the page allows them to modify the page composition, and that controlling this doesn't prevent changes to the content if the person has permission to modify the relevant components.
If none of these is sufficient, then you will need to implement a custom solution with either the events system, or workflow.
Inspect the properties for your Structure Group and go to the Security tab. Check which users/groups have the localize right and then see if your user is a member of any of those groups. Groups can be members of other groups, so you may need to check recursively to find where this ability is being allowed from.
Also make sure that the user is not an Administrator.
To prevent a user from unpublishing a page then you need to make sure they do not have "Publish to Content Distributor" rights at the Publication level. If they need to be able to publish pages, but not unpublish, you will need to take care of that by writing an Event System.
To prevent them from updating a page, you need to consider the Write permissions on the containing Structure Group.

How to make a box with user options in facebook open graph

I have an online magazine with news articles and i want to make an open graph action that everytime a user reads an article a story to post in his timeline.
I have all the nececery open graph tags in my urls and a login button with publish_actions scope.
I'm one step away from submitting the action for approval but i still cant figure out one thing.
The facebook's documentation says that i need to give users an option to stop auto publishing or remove the app etc. something like the image in the middle of this page http://developers.facebook.com/docs/opengraph/actions/builtin/#read .
I saw it also on yahoo and its exacly the same.
How can i make something like this in my site? The code is ready somewhere or i have to write it myself?
Thanks in advance!
The permission remove, or just a switch to stop publish of action and the delete article functions will have to be developed by you.
I am working on the same things for my app.
creating user CP control panel containing, revoke perms buttons.
a user CP to swich publishing on and off, via true/false in mysql
an array of app activities with delete buttons.

Uploading private files?

I want to be able to upload files using django-cms, and have those files only be visible to authenticated users.
I've gotten as far as creating a "Members only" page, clicking "Login required" and selecting "for logged in users only" for Menu visibility ("advanced settings under /admin/cms/page). This gets me some of what I want; the page itself is not visible unless you're logged in. And the menu item goes away too.
But, the next step is a problem. I can upload a file using the "file" plugin. This puts the file under /media/cms_page_media/. Even though you can't see the page which displays the link, you can still get to the file if you have the direct URL to it. What I need is something which not only protects the page, but the files uploaded to it.
I know my way around most (well, some) of django, so I could do a bit of hacking to get a solution. I'm hoping to avoid writing an entire file manager from scratch (not that it wouldn't make a nice little OSS project).
Django Filer (https://github.com/stefanfoulis/django-filer) has this option in the newest release. It also has a nice set of CMS Plugins which add a lot of value over the default File plugin: https://github.com/stefanfoulis/cmsplugin-filer

Drupal: where does this tab "Track" come from?

I've noticed there is one more tab in my edit-content pages in Drupal.
Could you tell me which plugin added it ?
See picture: http://dl.dropbox.com/u/72686/TrackTab.png
I actually need to know step by step how can I disable such tab
thanks
besides tracker.module (and, as mingos said, possibly other contrib modules), a "Track" tab is also added (to nodes) by statistics.module, statistics_menu().
UPDATE: this tab is only visible to users with "access statistics" permissions, so just adjust your site's permissions accordingly. as user #1 you will always see it, though.
you can, of course, just disable statistics.module.
Either Tracker (core module) or Tracker 2 (add-on) adds such a tab, but I've noticed it only on user profile pages.

Resources