Restricting editing to a specific group

Moderators: mandville, PhilD, General Support Moderators

Locked
User avatar
GJSchaller
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Wed Aug 24, 2005 2:57 pm
Location: White Plains, NY
Contact:

Restricting editing to a specific group

Post by GJSchaller » Fri May 03, 2013 8:48 pm

I have a Joomla site I am using as an knowledgebase for my company. By default, guests cannot do anything (including see anything except the one specific article configured for their viewing). Registered users can see anything, as well as create / edit anything. So far, so good.

I have one category (HR) that I would like to make visible to everyone, but only editable by members of the HR usergroup. In the Category manager, I have set the category to deny for Registered (since they can edit things by default), but Allow for the HR group. When the calculations are complete, they state that the HR group should be able to edit articles in the HR category... but they do not see the edit button on the article when they view it.

My Group Tree is as follows:

Public
|– Guests
|– Manager
|– |– Administrator
|– Registered
|– |– Author
|– |– |– Editor
|– |– |– |– Publisher
|– |– Notifier
|– Security Groups
|– |– HR
|– |– IT
|– Super Users

"Registered" is set to deny, "Security Groups" is set to Inherit, and "HR" is set to allow. My user account is a member of Registered, Administrator, HR, and IT, but I still cannot edit pages in the HR category.

What am I missing?
Geoffrey J. Schaller
Technical Officer
Knight Realms
http://www.knightrealms.com

User avatar
rcarey
Joomla! Explorer
Joomla! Explorer
Posts: 469
Joined: Sat Apr 25, 2009 9:20 pm
Location: Minnesota (USA)
Contact:

Re: Restricting editing to a specific group

Post by rcarey » Sat Jun 15, 2013 3:38 pm

When a user belongs to a user group that is set to "deny," they will be denied that action if if they belong to a user group that is set to "allow" for that same action. One "deny" makes an action denied and this cannot be undone by any number of "allow." In your case, I assume anyone in the "HR" group is also a member of "Registered" - so the configuration you explained denies them the ability to edit.

I think what you want is to leave the "edit" action to "inherit" for the Articles component, and then for each category "allow" the "edit" action for Registered users, but for the HR category "allow" the "edit" action only for the user group HR.

Anytime you feel a need to use "deny" you probably can find a better solution that leverages selective use of "allow" and "inherit." Almost always, the behavior of "deny" causes unintended results.
Randy Carey, the iCue Project http://iCueProject.com : developing an intelligent approach to improving the CMS user experience,
Careytech Studios http://careytech.com custom development for tailored or value-added web solutions

User avatar
GJSchaller
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Wed Aug 24, 2005 2:57 pm
Location: White Plains, NY
Contact:

Re: Restricting editing to a specific group

Post by GJSchaller » Sat Jun 15, 2013 6:32 pm

Thank you, Randy - I'll give it a shot.
Geoffrey J. Schaller
Technical Officer
Knight Realms
http://www.knightrealms.com

User avatar
GJSchaller
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Wed Aug 24, 2005 2:57 pm
Location: White Plains, NY
Contact:

Re: Restricting editing to a specific group

Post by GJSchaller » Mon Jun 17, 2013 1:37 pm

That did the trick - thank you, VERY much! Good to know moving forward from here!
Geoffrey J. Schaller
Technical Officer
Knight Realms
http://www.knightrealms.com


Locked

Return to “Access Control List (ACL) in Joomla! 2.5”