Elxis CMS Forum

Support => Security => Topic started by: jorgebravoc on October 26, 2011, 00:23:11

Title: Com_content Access Control
Post by: jorgebravoc on October 26, 2011, 00:23:11
Hi there,

Is there a way to control what a Publisher can access? Let's say that I want a publisher to be able to publish (approve) articles from the backend. When I log in as a Publisher I can see the different Menus and also the different Categories and Sections, and also I can add or delete inside those areas... I want a Publisher to just be able to see the Submitted Content Area of the Com_Content and be able to see the articles and publish them so the rest of the site's content structure is not at risk by an accidental or nonaccidental deletion or addition of categories, content, or menu items...

Anybody?
Title: Re: Com_content Access Control
Post by: webgift on October 26, 2011, 11:58:05
Hello jorgebravoc,
You can create a new group and edit the permission of that group.
[Administrator area] Site -> Access Manager -> [Create a new] Group -> [Edit] the permissions of it.
It is recommended to create a new group rather than editing the existing one.
Create, edit the permissions, create a new test account, assign the account to that group etc...
Title: Re: Com_content Access Control
Post by: jorgebravoc on October 28, 2011, 18:56:26
hello,
yes, I have created a group with the minimum access with only, basically View components, Add, Edit.. but in the Administration it only has Login and Manage Com_content permission.
The problem is that when I give access to the com_content in the backend the Menus and Sections and Categories show up.... What I'm trying to do is to give access only to the Submitted content area and maybe the Articles but I don't want to give access to the menus and sections and categories as someone may add or delete one of the sections or categories or create autonomous pages.
Title: Re: Com_content Access Control
Post by: xmanhattan on October 29, 2011, 14:24:24
jorgebravoc,

No real need to create a new group unless you want to declare a different access level.

I think that you want to look at this: http://wiki.elxis.org/wiki/User_Manager#User_Access_Levels_Front-End

Then when an authorized user such as an author or editor writes and submits content, the editor or the publisher can see what has been submitted by going to the menu bar in the back-end, click on Content -> Submitted Content and they can view and edit it.
The publisher has the right to actually publish the content.


Title: Re: Com_content Access Control
Post by: jorgebravoc on November 01, 2011, 20:03:12
that's exactly what I want but the problem I see is that when you have access to the backend you seem to have access to the Sections and Categories plus the Menus of the website.. my fear is that a publisher may be able to delete an entire section, or category, or add menu items....

I want to be able to give access ONLY to the Submitted content area from the backend... nothing more than just the Submitted Content.
Title: Re: Com_content Access Control
Post by: xmanhattan on November 02, 2011, 13:16:01
Is there a special reason that you want them to have publisher access rather than author?
Title: Re: Com_content Access Control
Post by: jorgebravoc on November 03, 2011, 07:06:45
I have a community with 25 authors, 5 publishers and me the super administrator. So I do the design and maintenance of the website and I control the sections and categories also the menus and the graphic aspect. The authors are writers that submit articles for one of the five areas of the website. So there is a publisher for each area... area means geographical area... so the 5 publishers that are far away from each other should be able to see the submitted articles from the back end and publish them but they should NOT be able to edit, add, or delete any of the sections, categories or menu items as those are aspects that only the Super Administrator should be able to alter.
Title: Re: Com_content Access Control
Post by: xmanhattan on November 03, 2011, 17:21:06
Hello

I have been thinking about your request but there is a conflict between the permission groups of the back-end with the front-end for what you want to do.

Quote
I have a community with 25 authors, 5 publishers, and me the super administrator.
The authors are writers that submit articles for one of the five areas of the website.
Publishers should be able to see the submitted articles from the back end and publish them but they should NOT be able to edit, add, or delete any of the sections, categories or menu items as those are aspects that only the Super Administrator should be able to alter.

I tried to solve the problem 2 ways:
The first by creating a new group in the Elxis ACL Access Control List and then adding access rights, and then creating a new user.
The second by using a similar method as the first and then creating a new User Menu item to use the front-end for the user account.

Both methods failed.  I believe that what you need is a menu access control but that would mean modifying the ACL, and that is not a good idea.

You might want to ask the moderator if something can be done; otherwise you will have to use the standard publisher access rights. The method that you need may be available in the new version of Elxis when it is released.

Title: Re: Com_content Access Control
Post by: jorgebravoc on November 03, 2011, 23:22:34
I figured... as I have tried in many different ways but the only way I see is to modify the core of Elxis structure and that is too much of a risk as I am not a PHP expert. I really hope this case serves as an example of what Elxis should look into for the next release. There has to be an access level where you can monitor what the authors are submitting and be able to approve the articles without having access to the entire content component because one may accidentally or purposely delete, add or edit any of the sections, categories or menu items and that can develop into a huge mess at the front end.

Thanks a lot... I'll have to deny backend access to everybody and I'll have to be the one that approves all the articles..... man what a drag... but hopefully the Elxis Team will consider this need along with the many other needs Elxis users have :)

Have a nice day