Support Forum

I am new to all this.

I have written a page on my planned permission structure which will be accessible to Admins and SubAdmins. To test this plan I have tried to block access to the page for everyone except Admins. I believe the step is to prohibit access to the page to everyone and then to allow access for Admin to everything. Something like this:-

1 Admins .* .* Admin
2 All Users Story::Stories Author:Category:StoryId

The Author is Admin, the Category is Parentals and I have tried the sid and the title all with no success. I have also tried blocking the Topic - which is Security - also with no success. The story id and the topic id I have collected by reading the status bar while hovering over links to the story or the topic.

Please can you assist?

I cannot post a URL - it is on a development machine. But this is the permission table with my view of what I am trying to achieve in red. Everything does what is intended apart from line 2. Is there an easy way of picking up the permission table and posting it? And who is a


1 Admins .* .* Admin - Give Admin access to everything
2 All groups Menublock:: Main Menu:Administration: None - Stop all access to Admin
3 All groups Stories::Story Admin:Parentals:2 None - Stop all access to the Security Plan
4 Users .* .* Comment - Allow all Users to Comment
5 Unregistered Topics::Topic .* None - Stop Unregistered seeing all Topics
6 Unregistered Menublock:: Main Menu:(My Account|Logout|Submit News|Downloads|FAQ|News|Reviews|Search|Sections|Submit News|Topics|Web Links): None - Stop Unregistered seeing all the Main Menu except Home
7 Unregistered .* .* Read - Allow Unregistered to Read everything

I do not get the syntax being used.

It seems that .* means everything
Then for Component a separator seems to be :: while in instance it is only : - are they significantly different and, if so, how?
In the example given at http://communit...onsAdmin.htm there appears Stories::Story? as a component followed by .* as the instance. What does the ? signify? It could mean any story, but then isn't that what .* means?

In my example of restricting use of Menu lines I have used a long OR list. Would Main Menu:* followed by giving specific permissions for the Menu lines I wanted them to access have worked as well?

Sorry for being long winded

Thanks for all help

Tony Davis



edited by: addacumen, Mar 21, 2008 - 03:43 PM

Hi and Welcome to the PostNuke community Tony!

The Permissions rules syntax is pretty simple:

Group |
component-left:component-middle:component-right |
instance-left:instance-middle:instance-right |
ACCESS

Sometimes components/instances are empty (like the component-middle in this case: Stories::Story), all depends on the way that the module developer uses the three alternatives of components/instances.

So, let's study the meaning of the following rule:
All groups | Menublock:: | Main Menu:Administration: | None
This rule prevents the access to All the groups
to the component "Menublock" (just the menu block 'id' defined by it security-schema)
in its instance with title "Main Menu",
to the link "Administration".
For that reason, if you rename the block title, this rule must be updated too, and the name of the links must correspond to existing links in that menu.

If you have a second menu block with the title "Secondary links"
and you want to hide the Administration link too, you can do it in the same rule with the | operator:

All groups | Menublock:: | (Main Menu|Secondary links):Administration: | None

now, both instances are affected by this rule.

finally, you can use .* to apply the rule to all the components/instances, but you can't use something like "Main Menu:*:"

I hope this helps!
Welcome again

-----
- Mateo T. -
Mis principios... son mis fines

Thank you Mateo

Indeed that does help - but I am not yet clear.

From the examples presented when I click on Components I see

Stories::Story Author:Category:StoryId

but

Topics::Topic Topic::TopicId

I don't understand why the instances are different.

But the good news is that only when following your post did I try the Topics approach with a :: in the instance and I achieved the effect I desired.

But not understanding what I really did leaves me with an uncomfortable feeling!!

Any more help will be appreciated
As were the Welcomes

Tony Davis

Tony,

Each module will have its own published components and instances.

The Stories context differs from the Topics context.

A simple module may only use simple scheme - ie, only using THIS MODULE:: :: for all permissions.

A less-simple module may decide to add an instance of ITEMID so it would be THIS MODULE:: ITEMID::

A more complex module may have several components and instances:

THISMODULE:MODULEFUNCTION: ITEMID:ITEMNAME:ITEMwhatever.

If you want to restrict the entire module, a :: or .* usually works.

If you want to restrict certain items in the module - a certain topic, or a certain news story - then the compenent/instances available in the module come into play.

NCM