DOCU-365

AccessControlProvider settings


    • Task
    • Resolution: Done
    • Neutral
    • mid term
    • content
    • None

      It is now possible to set the permission class of MagnoliaAccessProvider.
      The default permission class is info.magnolia.cms.core.DefaultACLBasedPermissions. This class is used when no permission class is specified or when the specified class cannot be used.
      Magnolia 4.5.8 introduces the new info.magnolia.cms.core.NodeTypeBasedPermissions class. This class, or any class that extends DefaultACLBasedPermissions, can be used.

      To set the permission class for the website workspace, edit apache-tomcat-6.0.32/webapps/magnoliaAuthor/repositories/magnolia/workspaces/website/workspace.xml:

      <Workspace name="website">
        <AccessControlProvider class="info.magnolia.cms.core.MagnoliaAccessProvider">
          <param name="permissionsClass" value="info.magnolia.cms.core.NodeTypeBasedPermissions"/>
          <param name="nodeTypes" value="mgnl:page"/>
        </AccessControlProvider>
        <!-- rest of the workspace configuration unchanged -->
      </Workspace>

      1] Set the permissionsClass parameter to your own permission class (the NodeTypeBasedPermissions class is used here).
      2] Set the nodeTypes parameter to the node type from which you want to take permissions. You can list several node types separated by commas (see MgnlNodeTypes for the available node types).

      How the NodeTypeBasedPermissions class works:

      Suppose we want to give some users read/write access to /demo-project and read-only access to the /demo-project subpages. By default (using DefaultACLBasedPermissions), these users still cannot edit the /demo-project page, because they also need read/write access to the content nodes and MetaData of /demo-project.
      With the NodeTypeBasedPermissions class and nodeTypes set to mgnl:page, it works like this:
      An access request for /demo-project/MetaData checks whether /demo-project/MetaData is of type mgnl:page. It is not, so the check continues to the parent node /demo-project. That node has the type mgnl:page, so the access rights of this node are returned and /demo-project/MetaData is accessible.
      This way you can, for example, avoid the issue http://jira.magnolia-cms.com/browse/MAGNOLIA-4729.
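
      The lookup described above, as an added example that is not Magnolia's own code: a self-contained model that compares a check against the requested path with a check that first climbs to the nearest node of a configured type. The class name, the sample paths, the mgnl:metaData type label, the ACL entries and the deny result when no ancestor matches are assumptions made for illustration.

```java
import java.util.*;

// Simplified model of the lookup described above; it is not Magnolia code.
public class NodeTypePermissionDemo {
    static final int NONE = 0, READ = 1, READ_WRITE = 2;
    // Constructed sample content: path -> node type.
    static final Map<String, String> NODE_TYPES = new LinkedHashMap<>();
    // Constructed ACL: a plain path is the node itself, "path/*" is its sub nodes.
    static final Map<String, Integer> ACL = new LinkedHashMap<>();
    static {
        NODE_TYPES.put("/demo-project", "mgnl:page");
        NODE_TYPES.put("/demo-project/MetaData", "mgnl:metaData");
        NODE_TYPES.put("/demo-project/about", "mgnl:page");
        NODE_TYPES.put("/demo-project/about/MetaData", "mgnl:metaData");
        ACL.put("/demo-project", READ_WRITE);
        ACL.put("/demo-project/*", READ);
    }

    // Default-style check: match the ACL against the requested path itself.
    static int aclFor(String path) {
        for (Map.Entry<String, Integer> e : ACL.entrySet()) {
            String p = e.getKey();
            boolean subNodes = p.endsWith("/*");
            String base = subNodes ? p.substring(0, p.length() - 2) : p;
            if (subNodes ? path.startsWith(base + "/") : path.equals(base)) {
                return e.getValue();
            }
        }
        return NONE; // no matching entry
    }

    // Node-type-based check: climb to the nearest ancestor-or-self of a listed type.
    static int nodeTypeBased(String path, Set<String> nodeTypes) {
        String p = path;
        while (!p.isEmpty() && !nodeTypes.contains(NODE_TYPES.get(p))) {
            p = p.substring(0, p.lastIndexOf('/'));
        }
        return p.isEmpty() ? NONE : aclFor(p); // assumption: deny if nothing matches
    }

    public static void main(String[] args) {
        Set<String> nodeTypes = new HashSet<>(Arrays.asList("mgnl:page")); // nodeTypes param
        String[] names = {"none", "read", "read/write"};
        for (String path : NODE_TYPES.keySet()) {
            System.out.printf("%-30s default=%-10s nodeTypeBased=%s%n", path,
                    names[aclFor(path)], names[nodeTypeBased(path, nodeTypes)]);
        }
    }
}
```

      In this model an ACL entry that targets a non-page node below a page is never evaluated once nodeTypes is set to mgnl:page, so such entries are worth reviewing before switching the permission class.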

      How to create your own permission class:

      1] Extend the DefaultACLBasedPermissions class.
      2] Create its constructor. The constructor must have exactly the same arguments as the constructor of DefaultACLBasedPermissions:
      public DefaultACLBasedPermissions(List<Permission> permissions, SessionImpl systemSession, Map<?, ?> configuration)
      You can add any parameters you want for your own permission class implementation, similar to the nodeTypes parameter mentioned above, and then read them from the Map<?, ?> configuration.
      3] Override the methods 'canRead' and 'access' with your own implementation.


              Unassigned Unassigned
              rkovarik Roman Kovařík