How to allow access to only one Context to an User?

Hello,

I’m trying to figure how can I create an user that will only have the right to see and modify resources belonging to a given context or resource set. Can anyone explain it to me cos i’m very confused by the user roles admin part?

I’m new to modx, and i currently test it to see if it would be suitable for me to manage multi-sites and gives to my clients the possibility to modify their content themselves. I’m using the following method to do multi site:
http://svn.modxcms.com/docs/display/revolution/Creating+a+Subdomain+from+a+Folder+using+Virtual+Hosts

Thanks

Quote from: captainherisson at Oct 09, 2009, 11:34 AM

I’m trying to figure how can I create an user that will only have the right to see and modify resources belonging to a given context or resource set. Can anyone explain it to me cos i’m very confused by the user roles admin part?

Well, do you want to protect the Resources by Context or by Resource Group? You can do one or both in MODx Revolution. I would start by reading the docs in the Security section starting with http://svn.modxcms.com/docs/display/revolution/ACLs and see if you have some more specific questions about it.

Thanks for the quick answer. I did read the docs, though i don’t get the context concept entirely because of the "mgr" context.

So basically i did created a new context "dev" with resources in it, and I need that an user could edit those resources without seeing the "web" context in the manager interface.

What i don’t understand is does that user have to have access to the "mgr" context in order to edit the "dev" context? Or do I have to create a Resource Group?

Quote from: captainherisson at Oct 09, 2009, 01:10 PM

So basically i did created a new context "dev" with resources in it, and I need that an user could edit those resources without seeing the "web" context in the manager interface.

Great - add a User Group, assign the User to it, give that User Group access to the ’dev’ context.

What i don’t understand is does that user have to have access to the "mgr" context in order to edit the "dev" context? Or do I have to create a Resource Group?

Yes; the ’mgr’ context is a special context in that it allows you to access the manager. However, if you created an interface made of Resources, snippets, etc, in your dev context so that someone could edit content from the front-end, you could feasibly only allow a user access to the ’dev’ context.

But I doubt you’ll be doing that, as that’s a lot of work. So, you’ll need to give that User Group access to the mgr context as well.

Thanks a lot

Quote from: splittingred at Oct 09, 2009, 02:29 PM

Quote from: captainherisson at Oct 09, 2009, 01:10 PM

So basically i did created a new context "dev" with resources in it, and I need that an user could edit those resources without seeing the "web" context in the manager interface.

Great - add a User Group, assign the User to it, give that User Group access to the ’dev’ context.

Be careful though, you’ll want to create a minimal "Context Access" Policy for this with just the attribute ’load’ set; this allows them to ’load’ the Context object you are targeting. Do not use the Administrator policy that is used for the mgr context, as this will allow access to content management features from the context you attach it to. So you just need to create this simple Context Access Policy to use when creating access to your dev context. Let me know if that doesn’t make sense.