Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Added documentation for page permission management
  • Loading branch information
kux committed Sep 18, 2012
1 parent 35f76b0 commit 074041a
Show file tree
Hide file tree
Showing 2 changed files with 57 additions and 0 deletions.
56 changes: 56 additions & 0 deletions docs/advanced/permissions_reference.rst
@@ -0,0 +1,56 @@
##########
Permissions
##########

In django-cms you can set two types of permissions:

1. View restrictions for restricting view access to regular users
2. Page permissions for allowing staff users to only have rights on certain sections of the site

To enable these features, ``settings.py`` requires:

CMS_PERMISSION = True

*****************
View restrictions
*****************

View restrictions can be set-up from the *View restrictions* formset on any cms page.
Once a page has at least one view restriction installed, only users with granted access will be able to see that page.
Mind that this restriction is for viewing the page as an end-user (frontend view), not viewing the page in the admin interface!

View restrictions are also controlled by the *CMS_PUBLIC_FOR* setting. Possible values alre ``all`` and ``staff``.
This setting decides if pages without any view restrictions are public to everyone or staff only.


****************
Page permissions
****************

After setting ``CMS_PERMISSION = True`` you will have three new models in the admin index:

1. Users (page)
2. User groups (page)
3. Pages global permissions

Using *Users (page)* you can easily add users with permissions over cms pages.

You would be able to create an user with the same set of permissions using the usual *Auth.User* model, but using *Users (page)* is more convenient.

A new user created using *Users (page)* with given page add/edit/delete rights will still not be able to make any changes to pages straight away.
He must first be assinged to a set of pages over which he may exercise these rights.
This is done using the *Page permissions* formset on any page.

The *Page permission* formset has multiple checkboxes defining different permissions: can edit, can add, can publish, can move and can change permission.
These define what kind of actions the user/group can do on the pages on which the permissions are being granted through the *Grant on* dropdown.

*Can change permission* referes to whether the user can change permissions to his subordinate users. Bob is the subordinate of Alice if one of:

* Bob was created by Alice
* Bob has has at least one page permission set on one of the pages on which Alice has the *Can change permissions* right


**Note:** Mind that even though a new user created using *User (page)* has rights to change a page, that doesn't give him the right to add a plugin within that page.
In order to be able to add/change/delete plugins on any page, you will need to go through the usual *Auth.User* model and give the new user permissions to each plugin you want him to have access to.
For example, if you want the new user to be able to use the text plugin, you will need to give him the following rights: ``text | text | Can add text``, ``text | text | Can change text``, ``text | text | Can delete text``.

1 change: 1 addition & 0 deletions docs/index.rst
Expand Up @@ -39,6 +39,7 @@ Advanced
advanced/sitemap
advanced/templatetags
advanced/cli
advanced/permissions_reference


*****************
Expand Down

0 comments on commit 074041a

Please sign in to comment.