Path

ez projects / ezcore / forum / general / compatibility with standard... / re: compatibility with stan...


Compatibility with standard role mechanism ?

You need to be logged in to post messages in the forums. New users may register here.

Maxime Thomas

Member since:
11 December 2005

Posts: 18

Sunday 29 March 2009 5:06:02 pm

Hi,

I'm expecting the following issue (or maybe it's not).
I've got three Ajax actions available but only one can be accessible with the anonymous role and the two others have to be accessible with the editor role.

As my calls are generic and all passing trought the ezcore/call url, how can I define those limitations ?

Max
Up

André R

Member since:
20 August 2005

Posts: 171

Tuesday 31 March 2009 9:52:37 am

ezcore/call does not currently allow you to define limited access rules.
Would be a nice feature though, any suggestions for how to implement it? Or any special needs?

--
ar

Up

Maxime Thomas

Member since:
11 December 2005

Posts: 18

Tuesday 31 March 2009 7:36:37 pm

My need is the following :
My extension has three parts : it loads data that has been saved before, it loads a reference list from the db and it saves a data selection in the db. Quite regular actually.

Evryone is able to list and load data but only few people can save the selection.

As far as I know, the module functions are described in the $FunctionList in the module.ini of a module. So, A smart mapping with a setting file could do the trick :




AjaxFunctionMapping[]


AjaxFunctionMapping[list]


AjaxFunctionMapping[save]


AjaxFunctionMapping[load]




And in the module.ini




$FunctionList[]=array("list");


$FunctionList[]=array("load");


$FunctionList[]=array("save");




Then I set the policy on my module myextension/myfunction.

We have two choices :
- we can check the right before the call on the client side (js is never run)
- we can check the right during the call (the server call function automatically check the right).

I keep on thinking this.

Max
Up

André R

Member since:
20 August 2005

Posts: 171

Monday 27 July 2009 5:26:57 pm

Update: commited support for this to ezyui ,and should be fairly easy and safe to merge to ezcore.

Added:



[eZYuiServerCall]


# List of permission functions as used by the eZ Publish permission system


FunctionList[]=ezyuikeyword


FunctionList[]=ezyuirating_rate




These maps to $FunctionList in module.php, and in the definition of each and every server call I have added two parameters:



## Optional, List of [eZYuiServerCall]FunctionList functions user needs to have access to, Default: none


#Functions[]=ezyui


## Optional, If pr function, then function name will be appended to Function name like


## <FunctionList_name>_<ServerCall_class_function_name>, warning will be thrown if not set in FunctionList[].


## Default: disabled


#PermissionPrFunction=enabled





Will this cover your need?
Worth merging to ezcore?

--
ar

Up

Maxime Thomas

Member since:
11 December 2005

Posts: 18

Sunday 09 August 2009 4:31:52 pm

Hi,

Thanx a lot, I will try this one.

Elsewhere, we've got some troubles to reach the SVN for this project, is it down or something else ?

Max
Up

André R

Member since:
20 August 2005

Posts: 171

Monday 10 August 2009 10:36:44 am

Witch one? I don't have any issues with svn on any of the projects mentioned right now.

BTW: the code has moved on to ezjscore project where support for jQuery is added among some other things.
The only difference in the example I gave you is that "[eZYuiServerCall]" is now "[ezjscServer]", and its now in ezjscore.ini instead of ezyui.ini.

--
ar

Up

You need to be logged in to post messages in the forums. New users may register here.