I've got an installation of Plone 4.2.1 running nicely, but visitors to the site can click on the Users tab in the main menu and go straight to a search of all my registered users. Certainly, anonymous visitors are unable to actually list anyone, but I don't want this functionality at all.
What's the Plone way of:
- removing the Users tab from the main menu?
- stopping the URL /Members returning anything except 404?
Are there other effects of this functionality I should be aware of?
The Users tab is only shown because there is a Members folder (with the title Users) in the root that is publicly visible.
You have three options to deal with the default: make the Members folder private, delete it altogether, or remove the index_html default view.
Unpublish
You can 'unpublish', retract, the folder workflow to make it private, and anonymous users are then redirected to the login form instead of seeing the user search form:
Simply go to the folder, click on the workflow state (Published) and choose Retract.
Delete
If you do not need to have per-user folders, you can remove the Members folder altogether. You do need to make sure that user folder creation is not enabled first. Go to the Control Panel (click on your username, top right, select Site Setup):
select Security:
and make sure that Enable User Folders is not checked. If it is, uncheck it and save the settings.
Now just delete the Members folder; click Users, find the Actions menu on the right, then select Delete:
then confirm the deletion in the popup:
Deletion means all users will get a 404 when visiting /Members in your site.
Delete the default view
The Members folder contains an index_html object that provides the user search form. If all you want to get rid of is this view, you can delete it. If your Members folder is still public, visitors can see any user folders that have been created though.
Deleting this view requires going to the ZMI, the Zope Management Interface, navigating to the Members folder and deleting the index_html object there.
Since this is not really the recommended course of action I'm leaving out the screenshots for this part.
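A way to confirm which of the outcomes described above an anonymous visitor actually gets for /Members, as an added example that is not part of the original answer. The function names, the `LOGIN_MARKERS` substring and the `plone.example` host are assumptions made for illustration; the sample responses are constructed.

```python
import http.client
from urllib.parse import urlsplit

# Assumption: substrings that identify a login redirect target on the site under test.
LOGIN_MARKERS = ("login",)

def classify(status, location=""):
    """Map an anonymous response for /Members to the outcome the answer describes."""
    if status == 404:
        return "removed"             # Members folder deleted
    if status in (301, 302, 303, 307, 308):
        path = urlsplit(location).path.lower()
        if any(marker in path for marker in LOGIN_MARKERS):
            return "private"         # folder retracted, visitor sent to the login form
        return "redirect-other"      # unexpected target, check by hand
    if status in (401, 403):
        return "private"
    if status == 200:
        return "exposed"             # search form or folder listing is still public
    return "unknown"

def probe(base_url, path="/Members"):
    """Send one cookie-less GET without following redirects and classify the reply."""
    parts = urlsplit(base_url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=10)
    try:
        conn.request("GET", parts.path.rstrip("/") + path)
        resp = conn.getresponse()
        return classify(resp.status, resp.getheader("Location", ""))
    finally:
        conn.close()

# Constructed sample responses (status, Location header) for the three states.
SAMPLES = {
    "after delete": (404, ""),
    "after retract": (302, "http://plone.example/acl_users/credentials_cookie_auth/"
                           "require_login?came_from=/Members"),
    "default install": (200, ""),
}

if __name__ == "__main__":
    for label, (status, location) in SAMPLES.items():
        print(label, "->", classify(status, location))
```

Call `probe()` with the base URL of your own site from a session that is not logged in; a result of "exposed" means the folder or its default view is still publicly reachable.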
You can just delete the Users folder.
Related
I'm trying to deploy an "intranet" folder hierarchy with a simple workflow that:
- shuts off anonymous users from that hierarchy, even sub-levels
- lets users of a certain group enter that hierarchy only, even sub-levels
- has private objects invisible by default
- upon publishing makes them visible to all users of the group
- private folders should deny other users (except admins) to enter that folder and access any object below
This scenario is discussed here: http://blog.keul.it/2011/10/plone-security-and-workflows-learn-how.html?m=1
It's more or less the same here: Plone Intranet workflow and group permissions
The answer to the question above is:
1. Leave the page or folder in the private workflow state, NOT published internally. (I think this is the step you were missing.)
2. On the Sharing tab for the page or folder, grant 'Can view' to the group you want to share with, just like you already tried. You don't have to change the "inherit permissions from higher levels" checkbox.
However, if I grant 'can view' only, the user may not enter the folder, but if I grant 'can add', too, the user may enter. However, this makes all objects below visible to all users of that group.
Example:
user is member of group1
folder in private state
-> share with group1 'can view'
user may not enter folder;
-> share with group1 'can add'
user may enter and sees all objects, even private ones
This is Plone 5.0.6, should this setup work?
Here is a reminder in general, though it might not answer the question per se.
1) Make sure you configure the 'real' target on its Sharing tab. For example, a folder with a default view might mislead the target.
2) Likewise, items with index_html IDs in a folder will become the default view, which might mislead the target.
3) Can View in the Sharing tab means Reader role in the workflow settings. Check permission settings in Workflow State.
The following are my example settings, which hopefully give hints.
I have the Intranet / Extranet workflow enabled on a Plone 4.2 site, I have removed most of the members permissions (so they can only view).
I created an account and started to add some content, but even though I have the "Owner" role permission "Delete portal content" enabled (under mysite.com/manage_access), my test user is unable to delete anything, which is great... However, they cannot delete anything they have created either (I need them to be able to delete content they create).
I have searched on Google but am getting results related more to accomplishing bulk user actions using python scripts.
Basically what I want is that if you created the content, you are able to delete it, if you did not create it you cannot delete it.
Currently I have the second part set up and that's working, but for some reason it seems to be ignoring the "Owner" role, even on content I have created.
I can't find any other permission that I could tick that would indicate ability to delete content you own, can anyone lend any insights? Thanks.
EDIT:
To expand on the problem, it seems if I create a folder and then create content under it, that content is not deletable, but if I then create a folder, and content within the folder I created, although the folder is not deletable the content within it is.
This was resolved by installing collective.deletepermission and adding the necessary "Delete Objects" permission to the "Owner" role in the ZMI under manage_access.
I've enabled 'member folders' in the Plone administration panel. Then I've created a context menu link in the ZMI (with url: string:${portal/portal_membership/getHomeUrl}) to make these folders easily available.
I've noticed that .getHomeUrl() always returns None, and the link looks like: 127.0.0.1:80/web/None.
Do you have any idea what's wrong?
First of all, you normally enable that option in the Security tab of your Plone control panel:
If you set the option there, it'll also add a 'My Folder' action automatically that uses the .getHomeUrl() method.
.getHomeUrl() only returns a URL if the folder already exists. In your case it appears the folder is not yet created for the current member. The folder is first created when a member logs in but does not have their own folder yet. Logging out then in again should remedy this.
If you accidentally removed the Members folder from your Plone setup, you'll need to recreate it. Per-user folder creation would otherwise fail. If it is missing, simply create a new folder with the id Members in the root of your site.
Is there any way by which I can show particular documents to particular users only? In Alfresco, all users from a site can see all the documents. I want to show the particular document to some users only. I am using Alfresco community edition. Can somebody help me?
Thanks
A site is just a folder. The site folder contains "container" folders for things like the document library, wiki, data lists, etc. You can set permissions on these folders just like you can any folder in Alfresco. Similarly, documents can have their permissions set individually.
The confusion arises because when you are using Share in the context of a particular site, the permissions settings don't offer granular settings. But if you navigate to your site through the "Repository" view (see the link at the top of the page), you can have full control over the permissions.
Suppose we have a site called test-site and a folder called test in that site's document library that contains a document, testdoc.pdf. You should be able to:
1. Click the "Repository" link at the top of the page.
2. Click the "Sites" folder.
3. Click the "test-site" folder.
4. Click the "documentLibrary" folder.
5. Click the "test" folder.
6. Click testdoc.pdf to open its details page.
7. Click "Manage Permissions".
By default, objects inherit the permissions of their parent. So testdoc.pdf has the permissions of its parent folder. If you want to remove all permissions and set explicit, "local" permissions on testdoc.pdf...
1. Click "Inherit Permissions" to turn off inheritance.
2. Click "Add User or Group" to add specific users or groups with the access level you want them to have.
I am finishing up a Drupal site and I have attached a word document on one of my page nodes. I want anonymous people to be able to download it, but they don't even see the document. I do as a logged in user.
Any Ideas?
You need to give anonymous users permission to view uploaded files.
I'm guessing that you used the upload module.
The permissions page is at /admin/user/permissions and under the group "upload module" you are looking for "view uploaded files".
-Ed
Assuming you only want to enable this one particular file to anonymous users, you can do it without touching permissions, which would affect your whole site.
The simplest way, assuming you have configured downloads as "public" instead of "private" is to just add a link to the document in your page node, like Download myfile.doc