Kentico CMS 7.0 Developer's Guide

Security

Security

Previous topic Next topic Mail us feedback on this topic!  

Security

Previous topic Next topic JavaScript is required for the print function Mail us feedback on this topic!  

The security model of the Forums module has two parts:

 

1. Security of the Forums module administration interface.

2. Security of the forums published on the website.

 

Forums module administration interface

 

Access to the Forums module administration interface in CMS Desk -> Tools can be managed in the Modules -> Forums permission matrix at CMS Site Manager -> Administration -> Permissions (or CMS Desk -> Administration -> Permissions; only applies to the current site):

 

Modify - allows users to modify forum settings

Read - allows users to only read forum settings

 

Users without any permissions who are moderators of at least one forum are allowed to access the Posts waiting for my approval dialog only.

 

devguide_clip0451

 

Security of forums published on a website

 

If you Edit (Edit) some forum and switch to its Security tab, the permission matrix displayed in the screenshot below will be displayed.

 

Columns of the matrix represent the following actions:

 

Access to forum - defines who can enter the forum and view posts

Attach files - defines who can attach files to forum posts

Mark as answer - defines who can mark posts as answers in Question - Answer forums

Post - defines who can add posts to the forum

Reply - defines who can reply to forum posts

Subscribe - defines who can subscribe for receiving notifications about new posts in the forum

 

Rows in the top part of the matrix have the following meanings:

 

Nobody - the action can't be performed by anyone

All users - anybody can perform the action

Authenticated users - only signed-in registered users can perform the action

Authorized roles - only members of roles specified in the lower part of the matrix can perform the action

 

Below the permission matrix, there is one more check-box:

 

Allow user to change the name - if checked, users can change their name displayed with a forum post when entering the post; if unchecked, their user name will be used

 

devguide_clip0570

 

The following properties of the Forum group web part are also related to forum security:

 

Hide forum to unauthorized users - indicates whether forums for which the user has no permissions are visible for them in the list of forums in a forum group

Redirect unauthorized users - determines whether to redirect unauthorized users to the logon page or whether to display only an info message

Access denied page URL - URL where the user is redirected when trying to access forum for which they are not authorized