Kentico CMS 7.0 Developer's Guide

Security

Security

Previous topic Next topic Mail us feedback on this topic!  

Security

Previous topic Next topic JavaScript is required for the print function Mail us feedback on this topic!  

Message board

 

Based on the Access and Message board owner properties of the Message board web part, you can determine who will be allowed to add new messages to the board.

 

 

 

Changing the values

 

Remember that once the message board is created (after inserting first message or subscribing), you cannot make changes to these settings in the New board settings section of web part properties. You can only modify values of the Access property on the Security tab when editing the corresponding message board in CMS Desk -> Tools -> Message boards.

 

 

The following table explains who can add messages to the board under particular configurations. The difference between User and Public boards is that Public boards are always related to a document, while User boards are always related to a document and a user.

 

Public boards are typically used when you want multiple users to post messages to it. User boards are typically used on user profiles, as you can see on the Community starter site sample website, on the Members -> Profile page.

 

Message board owner

Access

Anonymous user

Authenticated user

Authorized role

Owner

Owner in authorized role

Public board

All users

Yes

Yes

Yes

Yes

Yes

Public board

Authenticated users

 

Yes

Yes

Yes

Yes

Public board

Authorized roles

 

 

Yes

 

Yes

Public board

Owner

 

 

 

Yes

Yes

User

All users

Yes

Yes

Yes

Yes

Yes

User

Authenticated users

 

Yes

Yes

Yes

Yes

User

Authorized roles

 

 

Yes

 

Yes

User

Owner

 

 

 

Yes

Yes

 

When a board is in the User x Owner configuration, the following conditions need to be met in order for the current user to be able to post messages:

 

the page must be accessed with userid or username parameter in querystring

the current user must be the same as the one whose userid or username is passed in querystring

the current user must not be hidden (configured by the Is hidden option when editing the user)

 

This can be typically used on user profiles, where messages to such board can be posted only by the owner of the profile, while other users can only read these messages. An example of such board is the MessageBoardAnnouncements board on the /Members/Profile page of the sample Community Site.

 

Group message board

 

The Group message board is always related to some group, hence only the Access property can be set. You can see a typical usage of this web part on the Community starter site sample website, on the Groups -> Profile page.

 

Access

Anonymous user

Authenticated user

Authorized role

Group member

Group member in authorized role

Group admin

All users

Yes

Yes

Yes

Yes

Yes

Yes

Authenticated users

 

Yes

Yes

Yes

Yes

Yes

Authorized roles

 

 

Yes

 

Yes

Yes

Group members

 

 

 

Yes

Yes

Yes

Group admin

 

 

 

 

 

Yes

 

When the Group members option is set, the following conditions need to be met in order for the current user to be able to post messages:

 

the page must be accessed with groupid parameter in querystring

the current user must be member of the group whose groupid is in the querystring

the current user must not be hidden (configured by the Is hidden option when editing the user)

 

This can be typically used on group profiles, where messages to such board can be posted only by members of the group, while other users can only read these messages. An example of such board is the GroupMessageBoard board on the /Group-pages/<group name> page of the sample Community Site.

 

Permissions

 

Permissions for access to Message boards administration interface can be set in Site Manager -> Administration -> Permissions. You have to select the Modules -> Message boards permission matrix.

 

Modify - members of the roles are allowed to edit message board settings, delete the boards and manage message board posts

Read - selected role members are allowed to read the records and configuration of particular message boards, but are not allowed to modify them

 

devguide_clip0431