Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

How to restrict some users to *not* edit a certain page within the whole tree? #1510

Closed
barsch opened this Issue Nov 13, 2012 · 5 comments

Comments

Projects
None yet
3 participants
Contributor

barsch commented Nov 13, 2012

I have a use case where some editors may add/edit pages in the whole CMS tree but may not change a certain child page of the root.

Adding add/edit page permissions (grant to all page descendants) and excluding the single child by setting another page permission without any rights does not work. Permissions set on the root node seems to overwrite any child page permissions. Any suggestions how to solve that? The restricted page itself is not static and should be only editable by a restricted user group.

Contributor

FrankBie commented Nov 13, 2012

You have to do your tree permission slicing manually.

Add all leaves to seperate groups - then put the users to the groups accordingly.
A - (root) - Group A Direct page only - Editor A
AB Group AB - page + descendants - Editor A
AC Group AC - page + descendants - Editor A
AD Group AD - page + descendants - Editor B

This way they are not able to break your root menu and you have granularity over the sections.

Thanks
Frank

Contributor

barsch commented Nov 13, 2012

Hi Frank,

thank you for your answer, unfortunatly it is no solution in my case, as the editor is allowed to add new childrens too - he just must not edit a certain sub-page but everything else (except root)

A - root (he may add children)
AB - one of his childs
AC - restricted page he may not edit
AD - one of his childs
...

Robert

Contributor

FrankBie commented Nov 13, 2012

Hi Robert try this one -
A - root (he may add children) - page + direct children only
AB - one of his childs
AC - one of his childs (but pointing as redirect to ACA) -> ACA (the protected page)

Frank

Contributor

barsch commented Nov 13, 2012

nice idea - but the menu consist of two layers so ACA is actually also a valid page where he may add content too

anyway redirecting is a way to circumvent the problem for now - however a "smart" user could just delete the AC page and recreate it and put whatever content he want ...

So I wonder why do local page permissions not overwrite root/ascendend page permissions? (we are not talking about global permissions - those should overwrite all others)

Collaborator

ojii commented Nov 13, 2012

will close this since it's not an issue but a question. in the future, please use our mailing list (https://groups.google.com/forum/?fromgroups#!forum/django-cms), the IRC channel or stackoverflow.

Should this be an issue, feel free to re-open (or ask me to re-open if you lack the permission).

@ojii ojii closed this Nov 13, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment