I have a Plone website and create a menu item.
In the sharing tab I add each user that can post a topic.
How can I prevent that user1 edits posts owned by user2? Currently user1 can edit user2 posts.
Previously I try creating a group, assign each user to this group and add the group using the sharing tab, but in this way one user edit posts from another user.
Just subtract (uncheck) the 'Can edit'-permission of the sharing-tab.
The creator of an item is by default also owner, owners have edit-permission, thus users can edit their own items but not the ones of others.
Update (according to the new comment):
To inhibit the add-privilege on subfolders you'll need to break the inheritage of the Contributors-role, to which the 'Can add'-permission is assigned to.
However this seems not to be possible, yet. Quoting Martin Aspeli from his article "Understanding permissions and roles":
"Currently (until Plone 2.1, most likely), local roles can be added at a lower level in the acqusition tree, but not taken away".
So you need to look for another approach and, as Martijn already suggested, you'll most likely want to go with a custom workflow for your - assumingly folderish - contenttype and to all types that should be allowed to add in it (fortunately by default, Images and Files inherit the state of its parent, otherwise you probably have to think of a multi-chained workflow, but that's worth a new post even, or - ugly - create copies of contenttypes only to give them another workflow).
In that case, do as follows:
Create a workflow as adviced in http://developer.plone.org/content/workflow.html (I updated it lately, please let us know, if you have suggestions for improvements or contribute yourself).
Add the 'Add portal content'-permission to your workflow (in ZMI clickon your workflowname andhit the permissions-tab, select it from the dropdown).
For each state in your workflow (click on the state's name), uncheck 'Aquire permission settings', this way you break the inheritage of the Contibutors-role. Then check the 'Add portal content'-permission for each role you want to grant it, which would be at least the Owner-role in your case, and you might also Managers be able to access everything.
Update2:
Another, more challenging but IMHO much better, approach could be:
On your contenttype's inititialization (=your ct's class is called) trigger a script (f.e. with a contentrule/eventhandler/subscriber or in you ct's class-definition, itself), which looks up the inherited sharing-permissions on the parent, blocks them (__ac_local_roles_block__ = True) and reassign all roles again, but the Contributor's one, for the new born object (your folderish contenttype).
This would avoid creating a whole new workflow just to solve this case.
To do this, please read the docs (just updated, comments always welcome), to see how an event-handler is registrated:
http://developer.plone.org/components/events.html?highlight=events#example-register-an-event-handler-on-your-contenttype-s-creation
The executed python-script could contain s.th. like:
from Acquisition import aq_parent
def inhibit_parent_inherited_contributor_role(self, event):
""" Blocks local-roles on freshly created children in our
contenttype and re-assigns all its parent's local-roles but
'Contributor' to the child.
"""
# Block all inherited local-permissions, also of grand-parents:
self.__ac_local_roles_block__ = True
# Get local-roles assigned to parent and only to parent:
parent_roles = self.aq_parent.get_local_roles()
# Iterate over each assigned user and group to get their roles:
for userid, roles in parent_roles:
# Provide a list variable, to collect the new roles:
# of a group or user:
new_roles = []
# Iterate over the user's, respectively group's, roles:
for role in roles:
# Exclude 'Contributor' of new role-list:
if role != u'Contributor':
# Add all other roles to list of new roles:
new_roles.append(role)
# Finally assign new roles to the child for each found user and group:
self.manage_setLocalRoles(userid, new_roles)
Disclaimer:
I have tested this with IObjectEditedEvent, which works fine. Whereas the IObjectAddedEvent is fired four times (why?) and I wasn't able to tame that quickly, but plone.app.contentrules.handlers.py, does :) Have a closer look at it, maybe including a contentrule in the solution can be even better.
For an in-depth code-example about roles, see Andreas Jung's lovely zopyx.plone.cassandra and its computeRoleMap.py .
And I haven't looked at collective.subtractiveworkflow, yet. In case you do, please tell us about it :)
You need to restrict editing to the Owner role if you only want to have users edit their own content.
Related
I'm working on a project where I'm using Symfony2 (latest) and SonataAdmin. I need to keep log of users actions by logging:
action/event date/time (when and at which time the user did something)
the user himself (the id of the user who did the action/event)
affected rows (which rows was affected by for example changing some data in a form)
I find in KnpBundles and over Google without success, can any give me some tips or ideas? Or if someone did this before give me some code as start point? Take in mind that I'm using SonataAdmin and this is a bit complicated.
The stofDoctrineExtensions (a Symfony wrapper for Gedmo's DoctrineExtensions) Loggable extension would do this for you.
This extensions can be set to log a username, changed (create, updated & remove) and the data changed (if specified) in a table that can then be used to log and/or revert changes.
StofDoctrineExtensions (Wrapper of below)
Gedmo\DoctrineExtensions (Loggable)
I have a permissions problem in Drupal. I want users to be able to create a certain node type, but there are two different paths I need to give them permissions for to let them do this. The type is content created by a module called isbn2node, and there are two ways to make content through it, each with different paths:
?=node/add/isbn2node-book
?=node/add/isbn2node_book/isbn2node
One has an underscore and the other one has a hyphen. The first path leads to a form that lets users enter information on a book manually; the second path lets them enter an ISBN, searches for it, and populates the form for them based on the results.
I've changed permissions in the People menu so they can add isbn2node-book content manually using the first path, but there isn't an option to let them use the second method. Aliasing the url so it didn't have node/add in the path didn't work either.
Creating a duplicate content type seems like an ugly solution to this; is there a more elegant way to let users access that second path?
A little code in a custom module using hook_node_access should do it.
$node is either a node object or the machine name of the content type on which to perform the access check (if the node is being created then the $node object is not available so it will be a string instead).
So this should do it:
function MY_MODULE_node_access($node, $op, $account) {
if ($op == 'create') {
$type = $node;
if($type == 'book' && $account->uid) return NODE_ACCESS_ALLOW;
}
}
I figured this out, and the issues I was having were specific to this content type. The ISBN2Node module requires users to have the Administer Nodes permission to use its lookup and bulk import features.
There is some extra code for the module's hook_permission and hook_menu sections submitted as a fix in the module's issues thread.
I have been trying to create a page using views that will list down all the nodes authored by a specific user.
The user name will be specified in the path (like - stuff/[user-name] )
Can someone please tell me how to do this using Views.
I am stuck on a dead end
for the views url path specify: stuff/%
in the arguments section add: user -> user: name
Should do it, but I'm not sure if it isn't buggy (see this issue: http://drupal.org/node/744468)
If you use user:id instead of username, you will be fine.
I don't know if I'm on the right track but I'm trying to let users of my web site create there own versions of pages on my web site.
Basically I'd like to make our documentation used as a starting point where they just add details and make a new page for themselves in the process.
I have a 'book' content type that I have changed with CCK and a 'client edits' content type that uses a nodereferencefromURL widget to link itself to the book node.
So simple version of what I'm saying is I have a link on my book pages that creates a node using client edits content type. I would like to put some fields on the client edits content type that take the values of some of the fields from the book page it is linked from.
I'm sure I'm missing something as I would have thought someone would have tried this before but I can't even find a hint on how to go about this.
All I really need is a point in the right direction if my current thinking is wrong.
Current thinking is that I use a php script to get the default value for a field on the new node add screen that drags the value for a field from the book I'm linking from.
I'm thinking this is the case because there is an option for default values for the field in cck manage fields that lets you put in a php value to return a default value for your field.
Am I on the right track or is there already a module or process that does what I'm talking about and I'm just too dumb to find it.
This sounds a little strange, are your client edits going to be a diff from the original node or just coppied data?
I would prehaps do it a more simple way, just have book nodes, and have different fields disaply depending on who edits it (enable the content_permissions module). That way you can use the node clone module to create the users copy.
You will need to make a module to contain your custom php code.
I ended up using rules to save information from the user and the cloned node into hidden fields.
One that saved the original node ID into a field when ever you create content of that type unless the url ends with Clone. This means that when you create the clone the original node ID is kept in the field.
That made it easy to use a views argument that took the node ID to make the clone appear along side the original when a user visits the original page.
The second rule trick was to compute a field that saved the "store name" from the profile of the user only when saving clone content.
This meant that there was a hidden field on the clone that stored the info so I could then use another views argument to restrict the view to only people with the same store name in their profile.
I am no good with PHP but I managed to find a snippet (can't remember where) that returns the store name of the current logged in user as the argument.
global $user;
profile_load_profile($user);
return $user->profile_store_name;
I currently have nodes setup on my site, and each node belongs to a particular menu (not primary or secondary prebuilt menues).
How can i find out which menu a node belongs to?
Maybe this is what you mean:
$trail = menu_get_active_trail();
$lastInTrail = end($trail);
$menu_name = $lastInTrail['menu_name'];
menu_get_active_trail() returns a breadcrumbs like array, the last breadcrumb represents the current node.
Cheers,
Laurens Meurs, Rotterdam
I'm a noob, so don't bash me if what I'm going to write is worthless babbling.
I think you can't do that directly, unless there's some smart module out there that would do all the nasty SQL queries necessary to check this.
Node info is stored in the SQL table "node", and is identified merely by NID (node ID, which is the node number that appears after /?q=node/ in the address). Their aliases, if any, are stored in "url_alias" table, where you can find columns "src" and "dst", identifying the original and the aliased path (for instance, src='node/123', dst='my/url/alias'). The menu links can be found in the table "menu_links", where you can find the columns "menu_name" (the machine-radable name of a menu) and "link_path" (either the node/... or the alias).
So, what you'd need to do is the following:
get the current node's NID
query "url_alias" if there's an alias for node/NID and retrieve it, otherwise leave node/NID
query the "menu_links" table for the path you've determined and retrieve "none" or the menu's machine-readable name
You could then also query the table "menu_custom" to check what's the human-readable name of the menu you've determined.
Anyway, that's a complicated query (several queries?) and I'm a MySQL ignorant, so I can't help you with the actual code you'll need to use to check all that :P.
This isn't a direct solution and I see from your reply to a previous answer that you didn't wanted the simplest solution possible, but I thought I'd mention this option. The Menu Node API module maintains a table which Drupal lacks, a node-menu relationship table.
The module does nothing on its own, but there seems to be contributed modules which build on this, so depending on how complex your problem is it might be a starting point.
http://drupal.org/node/584984
Updated: Sorry guys, didn't even realize I had posted this link. I think I intended it as a draft and simply posted it when closing tabs. That said, mingos (above) is right on.
My link is to a function menu_get_active_menu_name() that appears to provide you with an array containing the active menu for the current page. As I presume that is what you are using it for, it would be a nice way to abstract yourself away from the database calls that might cause problems down the line.
I myself have never tried it, which is probably why I didn't elaborate and post. well... at least didn't post on purpose.