So as of right now I just have a page that I use locally to change objects. How can I go about creating a page that is only visible to the admin user. Using roles you can restrict access to certain objects but Im not sure the best way to include a page in your application that is only visible to certain users. Thanks for any help
Create an AccessRole (or similar) class that you can use for this, then show or hide the link/button (from menu or whatever) to open that page. Users who are not members of the Admin role does not see the button/link/menu option.
In the AccessRole class, you have a "users" column where you store an array of users that are members of the role, and a "name" column for the role name (Admin, Editor, Reader etc).
When your application starts, you check if the user is a member of the Admin role (which should be temporarily stored locally).
Related
We use custom fields in our trackers to have, for example, the list of customers so we can identify the customer requesting something.
Every time we have a new customer we need to add a new value to this custom field.
Is it possible to give permissions to a normal user so he can do this by himself or does he need to be an admin as this feature is under the Administration menu?
It is not possible because normal users don't have access to administrator options. A possible solution is when you create new normal users make them with admin role.
First, sorry for my poor english.
I'm trying to make a Django system that supports different admins to get the same admin panel, but showing them different objects, that belong to the same CustomModel.
Example:
First step: --> Login
Seconds step: --> Redirect to admin panel (django.contrib.admin.site)
and.. nothing else.
The problem is that I don't know how to show in that panel the objects that corresponds to the logged admin.
Thanks! Gracias!
This is where Django Permissions enter the picture
Django comes with a simple permissions system. It provides a way to
assign permissions to specific users and groups of users.
It’s used by the Django admin site, but you’re welcome to use it in
your own code.
The Django admin site uses permissions as follows:
Access to view the “add” form and add an object is limited to users
with the “add” permission for that type of object. Access to view the
change list, view the “change” form and change an object is limited to
users with the “change” permission for that type of object. Access to
delete an object is limited to users with the “delete” permission for
that type of object.
If you give a staff user permissions to work with only a certain type of object, that's all that he will see in the admin area.
If you have lots of different admin, you can put them into groups and grant permissions for the groups.
What I would like to do is to set view permissions of certain parts of the site depending on the user (that is easy using permissions and guardian).
I have a set of buttons across the top of the page. For one or two buttons I want to set permissions for only a few users or groups to be able to see that button. That part is fine (using guardian).
Each button is related to a model instance. The model has a view_button permission. Is there a way to have the view_button permission be default to True if the permissions is empty? Or, is there a way of saying has_perm be True for all users?
Maybe I could just create a static method within the model that does that check for me. Is there a better way to do it?
I'm using Sitecore 7.2 and trying to allow a user to set things like datasources and some custom parameters on sublayouts in page editor mode. The user is a member of sitecore\Designer and sitecore\Author, but when that user tries to edit the component properties, the fields appear grayed out/disabled.
I am able to enable these options by setting a user as an admin, but don't want to grant quite that much power to this particular user.
Here is how tried it and it works on Sitecore 7.2
Create a new user called cbarnes (and in your case if there are other content editors)
Create a new Role - call it say SP Content Editor Authoring
Make that role a member of sitecore\Author and sitecore\Designer. This way it inherits everything from those two roles.
Make the user cbarnes one of the members of that role.
Lastly go to the security editor and give Write permission on the item after selecting the SP Content Editor Authoring Role under Roles and Users section.
Login as cbarnes user and check if it work!
Let us know if this works for you. Happy Sitecoring!
I actually ran into this same issue today on a 7.2 project. While my user had both the sitecore\Designer and sitecore\Author roles as a part of a client-specific author role I created, they were not able to edit rendering parameters.
By default, users in these roles have read-only access the Sitecore\Templates folder. Within this folder I had an additional folder named "Rendering Parameters" where I stored all my rendering parameters templates. I added Write access to the client-specific role for my "Rendering Parameters" template folder and users in that role can now edit and save rendering parameters without elevated permissions.
Use "Access Viewer" tool from Sitecore start menu to define why your user does not have required rights.
By default both roles sitecore\Designer and sitecore\Author have field read and field write access to Layout template section fields. But, it seems that roles have only read access to item that you are trying to edit. You can add write access to that item.
For more details look at Security Administrator´s Cookbook
Is there any way to restrict access to a specific field on an item in Sitecore? We have a setup where an anonymous, non-authenticated user should be allowed to read one field ("FreeContent") and any authenticated user should see another field ("FullContent"). Setting Field Read / Item Read to deny in the template editor does not work, I'm guessing because the security then applies to that portion ("the field") of the template, not the content item itself.
We could, of course check if the user is authenticated and set the Field property of the control to "FreeContent" but we'd really like to be able to control from Sitecore which fields are open to all and which are not.
Is it possible at all, or do I need to implement this myself?
You were doing it right - Field read/write settings on the data template is how to set access to specific fields in items.
See p14.
You might need to republish the site and clear caches etc.
Otherwise check with the access viewer to make sure your various roles have correct access.