Wiki : PermissionsAdmin
Documentation Home :: Categories :: Index :: Recent Changes :: Comments :: Search :: Help :: Login/RegisterUsing the PostNuke Permissions System
The PostNuke permissions system can be an important part of any PostNuke site, allowing you to customize the experience for each of your visitors. A website’s permissions can be as simple as the default layout, or complex with multiple tiers of user. For a user unused to the PostNuke permissions system, it can be confusing and daunting, however it does not take long to become experienced in the use of permissions.
Through permissions, you can customize what your users see of your website. Permissions can be used to completely restrict your gallery for unregistered users, but make it available to registered users. With the core news module in PostNuke, you can restrict the ability to submit news for unregistered users, but allow it for registered users. You can also have a group with administration permissions just to the news module to moderate and approve these stories.
Basic Structure
Group permissions have four different parts; these are Group, Component, Instance and Level. Group is the group (set in administration > groups) that the permission corresponds with; users in this group will all be affected by the permission that you create. The component is the broad area, which the permission will relate to; this is usually a module, however it can also point to blocks, among other things. The instance is the more detailed area of the permission, within the component, for example if the component is set to point to blocks, the instance would point to the specific block. Another example is the Topics module, for this the component would be Topics::Topic however to restrict a specific topic, you need the instance: Topic name::Topic ID.
It is important to note at this point that a list is provided of all the available components and instances. It can be accessed by clicking the Component link in the column header of the permissions table. The window that pops up contains a list of all the available components, and the instances that can be used in conjunction with those components. This is especially useful when working with modules you have not used before, or that have complicated permissions structures.
Here is a copy of the default permissions table as it is after a fresh install of PostNuke:
| No | Group | Component | Instance | Level |
|---|---|---|---|---|
| 1 | Admins | .* | .* | Admin |
| 2 | All Groups | Menublock:: | Main Menu:Administration: | None |
| 3 | Users | .* | .* | Comment |
| 4 | Unregistered | Menublock:: | Main Menu:(Logout|Submit News|My Account): | None |
| 5 | Unregistered | .* | .* | Read |
Below the effect of each of the permissions is explained, by number.
- Members of the Admins group have administration rights over everything.
- Removes rights to Administration (link only) in block named ‘Main Menu’ for all groups. This does not affect the Admins group, as due to the hierarchical nature of the permissions, the all groups permission below the Admins permission has no effect.
- Users comment access over all modules.
- Similar to 2 – restricts access to the stated links for unregistered users. Submit news is restricted because it requires at least comment access to function, and in the default permissions set unregistered only have read access.
- Read permission over whole site for unregistered users.
Sub Admin Permissions
Permissions to administrate modules are quite simple. To give a certain group administration rights to a module, then just grant them access to
| Group | Component | Instance | Level |
|---|---|---|---|
| Sub-Admins | <component> | :: | Admin |
This means that whenever the users in that group go to /admin.php they will see all the modules you give them access rights to, and not the modules they do not have admin rights to. To find the components for the specific modules you wish to grant admin access to you should click the component link in the column header of the permissions table.
To give your users access to the administration link in the main menu you will need another permission:
| Group | Component | Instance | Level |
|---|---|---|---|
| Sub-Admins | Menublock:: | Main Menu:Administration: | Comment |
Replace "Main Menu" with the name of your menu. This will give all users in the Sub-Admins link access to the Administration link in the main menu. However, this must be placed above the All Groups permission that restricts the link, otherwise it will not take effect. This permission is not necessary as long as the overall permission (for an example of this see below), is placed above the All Groups restrictive permission, as the overall permission takes effect before the restrictive permission below it.
Something that is often overlooked when creating a new group is to give them an overall permission over the whole site, otherwise they will see very little.
| Group | Component | Instance | Level |
|---|---|---|---|
| Sub-Admins | .* | .* | Comment |
So your final permission set should look something like what follows:
| No | Group | Component | Instance | Level |
|---|---|---|---|---|
| 1 | Admins | .* | .* | Admin |
| 2 | Sub-Admins | (FAQ|Polls):: | .* | Admin |
| 3 | Sub-Admins | .* | .* | Comment |
| 4 | All Groups | Menublock:: | Main Menu:Administration | None |
| 5 | Users | .* | .* | Comment |
| 6 | Unregistered | Menublock:: | Main Menu:(Logout|Submit News|My Account): | None |
| 7 | Unregistered | .* | .* | Read |
Demonstration Permissions Set
The aim of this demonstration is a small example of what can be done with permissions, and an explanation of how each permissions achieves its purpose.
I have a hypothetical site with three menu blocks:
- The Main Menu – Contains links to publicly viewable modules
- Members Only Menu – Contains links to modules viewable only to registered users.
- Sub Admin Menu – Gives the sub-admin group links to the administration area of certain modules
I also have two blocks:
- Gallery Random Picture – Members only
- Members Online - All Users
Public Modules: Members list, Weblinks, Downloads Private Module: Gallery Sub-Admin Modules: Add Story, Downloads
The permissions table to achieve this is below:
| No | Group | Component | Instance | Level |
|---|---|---|---|---|
| 1 | Admins | .* | .* | Admin |
| 2 | Sub-Admins | Downloads:: | .* | Admin |
| 3 | Sub-Admins | Stories::Story? | .* | Add |
| 4 | Sub-Admins | .* | .* | Comment |
| 5 | All Groups | Menublock:: | Main Menu | None |
| 6 | Users | .* | .* | Comment |
| 7 | Unregistered | Gallery:: | .* | None |
| 8 | Unregistered | Galleryblock:: | Random Image:: | None |
| 9 | Unregistered | Menublock:: | Members Only:: | None |
| 10 | Unregistered | .* | .* | Read |
UserDocs
CategoryUserDocs
4 Comments so far
1. FrankDeRosa wrote on Jun 22, 2006 at 09:17 PM
A very simple but useful tip: Read permissions from the bottom up. In the last example currently listed, Unregistered users are first granted read access, then have access to three other things taken away. If they were listed with number 10 above 7, 8, and 9, the result would be that three items were removed from Unregistered users (to which they had no rights to begin with) and then they would get read access to all.
2. ecwpa wrote on Nov 14, 2006 at 02:14 AM
i'm getting some problems with espific block permissionswhat i want is to hide an specific block for all users excepting admins, and its called "online" it is not a menu block so i dont really know how i have to input in the component and instance fields, what i do was this:
just above this one there is a classic "Menublock::" working ok
So, its looks like (a portion of):
the thing is im not sure when i have to use Menublock:: , if there is a block i want to hide that is not a Menublock i dont really know if i have to put the name i give to the block as component or as instance
thanks for any help, and as always sorry for my bad english
3. coquiboy wrote on Feb 07, 2007 at 07:20 PM
Say you have on the left side some menus belonging to the Block type Menu (not a block type Login for example). So your menus looks like this:Main Menu
-My stories
-my photos
-my news
Client menu
-client A
-client B
-client C
So first, you need to command what type of component you want to hide, and then the "instances of that component".
Say you want to hide the Client menu.
Menublock:: Client menu:: none
Say you want to hide the option "cilent A" from the client menu
Menublock:: Client menu:client A: none
Say you want to hide "client A" and "client B" from the client menu:
Menublock:: Client menu:(client A|clientB): none
This is what I discovered. Unfortunately, the documentation of PostNuke is ..... ufff
4. dvbell wrote on Apr 16, 2008 at 02:57 PM
This helps a lot. However, my situation is a little different.I have created 2 HTML blocks. Let's call them block A and block B. I have them both set to display to the center. But, I want A to show only to an unregistered user and B to show to all registered users, but not the unregistered users.
In other words, the block that displays on the main page is different for unregistered users than registered users.
(I hope you are still following this discussion)
Thanks.
|
