-
- 898 Posts
As a followup to this post:
http://modxcms.com/forums/index.php/topic,66118.msg373061.html#msg373061
Let’s say I have 2 users
1. GiraffeOwner
2. PuppyOwner
I have separate templates for each owner. How can I keep GiraffeOwner from seeing the templates I created for PuppyOwner (and vice versa)
Q1. Should I give each user a ’category’ (giraffeowner.com)? And somehow hide that category of templates from everyone else?
Q2. or Is there a way to assign a template to a context?
How do you guys do it?
I’d avoid using contexts for this -- I think "jailing" each template in a category is probably the easiest solution. Create a User Group for "Giraffe Owners" and another for "Puppy Owners", then grant access to the respective "Giraffe" and "Puppy" categories. Under Security --> Access Controls, right-click each User Group and edit the "Element Category Access" for each.
-
- 898 Posts
Thanks Everett,
Follow-up question:
Would this make that category exclusive?
For example, I actually have 4 admins (MonkeyO, CheetahO)
I only want MonkeyO to see items under their category (monkeyo.com). Will what you described make this work? Or will i need to point-and-click and remove-access for the other categories?
So you have to ask "do you REALLY have 4 admins?" Their status as "admins" is determined by which User Group(s) they are members of. So you can create a couple copies of the built-in Admin user groups and give those user groups the permissions to do all the admin related stuff EXCEPT to monkey with the templates (there’s a page floating around somewhere that describes how to copy a permissions schema). For the rule regarding templates, you’d have another line-item in the User Group’s ACL that would grant access to Element by Category as described previously.
In a nutshell, all the permissions rules are associated with the User Group -- all the ties to particular resource groups, all the green-lights for different contexts, etc. are defined at the User Group level. So once you get that set up, then you only have to make a user a *member* of the given User Group and they will be granted all the rights/privileges that have been granted to the User Group.
The one footnote to that is you can cut down on the # of User Groups by making use of the "Role" parameter, so you can say "only users with a minimum role of _____ can have access to that Resource Group or to that Context". In other words, everything you do with roles could be accomplished by additional User Groups. Make sense?
-
- 898 Posts
Thanks everett,
Yes that does make sense. So this is possible and how I’d do it?
-------- User Groups --------
User Group 1: monkeyo.com
- Element Category Access: only monkeyo-cat
User Group 2: cheetaho.com
- Element Category Access: only cheetaho-cat
-------- Categories --------
Category 1: monkeyo-cat
Category 2: cheetaho-cat
-------- Users --------
User 1: monkeyAdmin
Assigned to UG: ’monkeyo.com’;
User 2: cheetahAdmin
Assigned to UG: ’cheetaho.com’;
Is this right?