Jump to content

Permissions: Prevent a group from deleting


bfncs
 Share

Recommended Posts

Hi everybody,

I just ran into a quite pressing problem:

I don't see a possiblity to allow a user group from deleting a page but grant them access to edit it. Did I look over something here or is there already a module to add this functionality that I didn't find?

With kind regards,

Marc

Edit:

Sorry, I missed the most crucial point in my initial question...

What I want to do is grant a group permission to delete pages of one template but not another one: delete permissions on a per template basis. I still want to grant the edit right for templates, that can't be deleted. I hope this is more understandable now...

Link to comment
Share on other sites

Thanks for your quick answer, Soma°

I just tried that:

1. Assigned a role without page delete permission to my user.

2. On a template I want them to be able to delete, I gave them edit permission in the template control.

With the result, that there's still no delete button when editing a page with that template.

Link to comment
Share on other sites

*confused* what do you want? be able to delete or not delete?

You title says 

"Prevent a group from deleting"

But reading your posts I'm not sure again what you need.

Edit but not delete

Delete but not edit? (doesn't make sense)

Link to comment
Share on other sites

Wow, sorry, you're totally right, I didn't reread through my inital post and missed the most crucial part of it  :-[

So what I want to do in the end would be assigning delete permissions to groups on a per template basis.

Link to comment
Share on other sites

But if I give the permission to the role, they already have delete permission for all pages. I want to limit the delete permission to only some templates, independently from the edit permission.

  • Like 1
Link to comment
Share on other sites

Then you would maybe create another role for them with only delete permission and remove the delete permission from the other role. Then assign the "delete role" to the template you want them to delete.

  • Like 4
Link to comment
Share on other sites

Exactly, to be honest I was more thinking about as groups and didn't even think of assigning more than one group to a user.

Thanks to your explanation, I now got that it's more like distinct feature sets. Coming from MODX with its completely over-the-top-for-most-projects permission system, this is really a simple and smart solution.

  • Like 1
Link to comment
Share on other sites

  • 11 months later...

Then you would maybe create another role for them with only delete permission and remove the delete permission from the other role. Then assign the "delete role" to the template you want them to delete.

Aw man, this is the bomb! I was stressing my brain on ways to do exactly what @boundaryfunc was try to nail and it's so damn easy. How can permissions be so simple! PW continues to prove itself.....

  • Like 1
Link to comment
Share on other sites

This is something I learned through using Liferay which has the most comprehensive (and therefore mind boggling) permissions system I have ever come across.

The rule was (much as had been inferred above) to create a core role that basically gives access to the areas for that particular group of people.

You then create additional roles (call them addon roles if you like, though that is not how they are displayed) that give fine grained and specific access to functions - create, delete, edit, view and so forth, or access to specific applications - forum moderator, community manager ....

Where Liferay gets a little more complicated is that you can then apply scope to roles - so you can have a global scope, or scope for just one area of the system (an organisation, for instance, as they are called in Liferay), or the scope can just be for one page.

But then you can also allow access to certain roles within a specific page, or item and so on.

The reason it is so complex is that roles need to be managed both globally and also locally within parts of the site, for instance, the Liferay version of Groups, where there is a local group manager, admin, moderator and so on who need to assign users to functions but not have those users suddenly gaining equal power with other groups!

If you ever want to learn how a completely over the top permissions structure and management system can work, I strongly suggest you play with Liferay just as a learning tool

Good luck!

  • Like 1
Link to comment
Share on other sites

  • 1 year later...

Hey, can you please describe for a beginner like me how to » assign the "delete role" to the template you want them to delete«? I dont get where this menu should be? Template->[template]->Access? But there is only page-edit...?

Thanks in advance,

ocr_a

Link to comment
Share on other sites

Everyone with template access "edit" can also delete the same page, as long as their role does also have page-delete. To differ between page-edit and page-delete on a per template basis you would need to use two different roles (role-edit, role-delete) so you can handle them independent of each other. 

Link to comment
Share on other sites

Yes yes, i get the point, and tried it. But it won't work. Their won't be a Move - Trash for a User with Editor and Delete-Role roles.

Or did i oversee something?

Template:

post-3169-0-05154700-1433794467_thumb.jp

Role Editor:

post-3169-0-61662100-1433794472_thumb.jp

Role Delete-Role:

post-3169-0-80930700-1433794474_thumb.jp

Thanks,

ocr_a

Link to comment
Share on other sites

Thanks for the hint with the Page Edit Screen. Yes Delete is shown there. How can i add it to the »move« again? 

The Setup is really easy

Work (should not be deletable by editor)

– Project (should be deletable by editor)

– Project (should be deletable by editor)

– Project (should be deletable by editor)

(...)

Also thanks for you replies!

ocr_a

Link to comment
Share on other sites

Just to make it clear, is the move action visible and just the trash one missing or are both not visible?

A little more peaking into ProcessPageList revealed, that the trash shortcut on move is only available to superusers (see here). I think that may be because only superusers can see the Trash, therefore other roles cannot "move" a page to the trash.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...