Permissions on a page type within the tree

Duncan Koza asked on May 23, 2020 00:37

Hi,

I am setting up permissions on my site and am wondering if there is a solution for the following:

I want a user to have the permission to read, modify, create and delete the File Page Type below but only when it is under the News Article Page Type as seen in Example 2 below. The issue is that the the article doesn't exist yet until the user makes it. Also, I tried to apply read, modify, create and delete on the News Folder Page Type below but I don't want the user to be able to edit or delete that page type.

Example 1

  • Main Page Type
    • Folder Page Type
      • File Page Type

Example 2

  • News Folder Page Type
    • News Article Page Type
      • File Page Type

Thank for any help in advance.

Correct Answer

Juraj Ondrus answered on May 27, 2020 07:28

I see - you do not want the parent page to be edited but when a page is created, you want to have it some permissions already. In this case, use either a global event handler and set the ACL permissions using API in the before insert event or, add a "middle-layer" or some container page into the tree structure. For the current parent page type disallow permissions and then, on the container page set the ACLs which should be then inherited by the other child pages.

0 votesVote for this answer Unmark Correct answer

Recent Answers

Juraj Ondrus answered on May 25, 2020 11:55

You can use the ACL permissions on one of the parent pages. Then, when a child page is created, the permissions are automatically inherited. If the parent page is a different page type, then set the permissions for given page type so the user cannot edit those pages. This means, you will remove the permissions for all content for given role and go deeper - set the permissions for all page types individually.

0 votesVote for this answer Mark as a Correct answer

Duncan Koza answered on May 26, 2020 15:46

ok,

So, I have given ACL permissions of Read, Modify, Create and Delete to my 'News Editor' role on my News List Page Type in my tree because it is the only one that stays constant.

  • News List Page Type
    • News Folder Page Type (A new one gets created every year by a specific different Role)
      • Article Page Type (A new one gets created by the News Editor Role)
        • File Page Type (Can be created by the News Editor Role)

I don't see a way to deny the role from modifying or deleting my News List and News Folder Page Types within the page type or all content permissions. Am I suppose to see a deny option option there? I am ok with giving full access to the Article Page type to that specific role because it only appears there, but I don't want to apply Full access to the File Page Type because that doesn't that mean that role will be able to modify or delete that page time anywhere on the site.

0 votesVote for this answer Mark as a Correct answer

Juraj Ondrus answered on May 26, 2020 17:44

In the page types or all content permissions matrix, no premission = deny. In other words, you need to allow given action. If not allowed/ticket then deny permission is applied.

0 votesVote for this answer Mark as a Correct answer

Duncan Koza answered on May 26, 2020 18:21

ok, but I thought the way the permission matrix worked was that only one allow permission needs to be set. If I have already allowed at the ACL permission level, then having unchecked permissions (like Modify/Delete) at the content or page type levels won't matter.

0 votesVote for this answer Mark as a Correct answer

Duncan Koza answered on May 27, 2020 18:24

Thank you Juraj.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.