In Plone, I created a new folder called "Admin" that appears at the top navigation bar. How do I restrict access to this folder so only site administrators will have access to this folder? (and, preferably, only those admins would see that link appear)?
Create a folder at the root level and keep it private and don't share it with any other groups. Administrators (by default) can view all content. Items for which a user does not have permission are not visible in the Global Nav, Nav portlets, search, etc.
Use the sharing tab and add the users/groups needed.
Related
I am using Alfresco Community Edition.
I have 4 Folders.
1. Sales 2. Controller 3. Purchase 4. Accounts.
I have Multiple Users as per their teams.
The Sales Team will create a folder and send the folder to Controller, Controller sends the same folder to Purchase and Purchase to Accounts.
Here, what I want is, when a User from Sales team creates his/her folder, it should be only visible to him/her in Sales Folder and no other Sales user should be able to view it. (Only folder owner should be able to view his own content)
But when the folder is sent to other folders, there too only the Folder Owner and the other users should be able to access and view the folder.
I tried the workflow and I have successfully given the permissions to the other users, but unable to assign proper permissions to the Sales Team.
Short Explanation : Sales Member who creates a folder should be able to access his own folder and not any other members contents/folders in all 4 main folders.
Please help me on this.
Remove permission inheritance on the root folder of the site.
Set the proper permission to each folder through Manage permissions (Sales, Controller, Purchase, Account)
Setup a rule to act upon some action or manage the permissions through your workflow.
You can read up on folder permissions here.
Cheers!
There is no embedded function for your expected behavior but it is possible to archive what you expect by defining rules on the 4 main folders which call JavaScripts to run your business logic:
remove inheritance flag on new / moved objects (only on direct childs
/ folders)
remove all direct permissions and add only permissions you
want to add for this folder
The user who created the new folder will always have all permissions because Alfresco has a special role "Owner" which has similar permissions (ALL) like a Coordinator which will be still active when the folder will be moved to another main folder. If the user creating the folder should still have navigation access to the folder when it is moved you need to give Consumer permission on the all 4 folders for the sales team. This will allow to walk into the folders but only to see subfolders if the user has access.
I've got an installation of Plone 4.2.1 running nicely, but visitors to the site can click on the Users tab in the main menu and go straight to a search of all my registered users. Certainly, anonymous visitors are unable to actually list anyone, but I don't want this functionality at all.
What's the Plone way of:
removing the Users tab from the main menu?
stopping the URL /Members returning anything except 404?
Are there other effects of this functionality I should be aware of?
The Users tab is only shown because there is a Members folder (with the title Users) in the root that is publicly visibile.
You have three options to deal with the default; make the Members folder private, delete it altogether, or remove the index_html default view.
Unpublish
You can 'unpublish', retract, the folder workflow to make it private, and anonymous users are then redirected to the login form instead of seeing the user search form:
Simply go to the folder, click on the workflow state (Published) and choose Retract.
Delete
If you do not need to have per-user folders, you can remove the Members folder altogether. You do need to make sure that user folder creation is not enabled first. Go to the Control Panel (click on your username, top right, select Site Setup):
select Security:
and make sure that Enable User Folders is not checked. If it is, uncheck it and save the settings.
Now just delete the Members folder; click Users, find the Actions menu on the right, then select Delete:
then confirm the deletion in the popup:
Deletion means all users will get a 404 when visiting /Members in your site.
Delete the default view
The Members folder contains a index_html object that provides the user form search. If all you want to get rid of is this view, you can delete it. If your Members folder is still public, visitors can see any userfolders that have been created though.
Deleting this view requires going to the ZMI, the Zope Management Interface, navigating to the Members folder and deleting the index_html object there.
Since this is not really the recommended course of action I'm leaving out the screenshots for this part.
You can just delete the Users folder.
Is there any way by which I can show particular documents to particular users only ? In alfresco, all users from a site can see all the documents. I want to show the particular document to some users only. I am using alfresco community edition. Can somebody help me ??
Thanks
A site is just a folder. The site folder contains "container" folders for things like the document library, wiki, data lists, etc. You can set permissions on these folders just like you can any folder in Alfresco. Similarly, documents can have their permissions set individually.
The confusion arises because when you are using Share in the context of a particular site, the permissions settings don't offer granular settings. But if you navigate to your site through the "Repository" view (see the link at the top of the page), you can have full control over the permissions.
Suppose we have a site called test-site and a folder called test in that site's document library that contains a document, testdoc.pdf. You should be able to:
Click the "Repository" link at the top of the page.
Click the "Sites" folder.
Click the "test-site" folder.
Click the "documentLibrary" folder.
Click the "test" folder.
Click testdoc.pdf to open its details page.
Click "Manage Permissions".
By default, objects inherit the permissions of their parent. So testdoc.pdf has the permissions of its parent folder. If you want to remove all permissions and set explicit, "local" permissions on testdoc.pdf...
Click "Inherit Permissions" to turn off inheritance.
Click "Add User or Group" to add specific users or groups with the access level you want them to have.
Is there a Drupal module to specify access rules for specific nodes ?
I don't need to specify them for a generic content type, but for a specific node (nid).
Also I would like to specify permissions on a specific page (let's say a view).
thanks
The Content Access module allows you to specify access control per node by role, breaking it down to a granular edit, view or delete permission by role.
Views allows a permission to be set by role under the 'access' option in basic settings. You can therefore set by display giving you quite rich control over what visitors have access to by role.
I've also used Nodeaccess which may be worth looking at. I believe this allows delegation of deciding which roles may edit, delete or update a node to the node author rather than the administrator.
Views has access control built in, you can set permissions for a view from inside the Views UI. When you edit a view there is a setting "Access" where you can set a role or permission that is required to access the view.
"Content Access" has an option for node-specific access, but I never used that part of the module myself (I previously wrote Module Grants, but that functionality came from Content Access).
Other options are Taxonomy Access or TAC lite that apply permissions based on taxonomy.
I am finishing up a Drupal site and I have attached a word document on one of my page nodes. I want anonymous people to be able to download it, but they don't even see the document. I do as a logged in user.
Any Ideas?
You need to give anonymous users permission to view uploaded files.
I'm guessing that you used the upload module.
The permissions page is at /admin/user/permissions and under the group "upload module" you are looking for "view uploaded files".
-Ed
Assuming you only want to enable this one particular file to anonymous users, you can do it without touching permissions, which would affect your whole site.
The simplest way, assuming you have configured downloads as "public" instead of "private" is to just add a link to the document in your page node, like Download myfile.doc