EZP-29748 Replacing the outdated verbiage of eZ Publish from eZ Platform when adding a Policy #463

Merged
merged 3 commits into from Nov 22, 2018
34 changes: 17 additions & 17 deletions docs/guide/limitations.md
Expand Up @@ -7,7 +7,7 @@ Limitations consist of two parts:
- `Limitation` (Value)
- `LimitationType`

Certain Limitations also serve as Role Limitations, which means they can be used to limit the rights of a Role assignment. Currently this covers `Subtree` and `Section` Limitations.
Certain Limitations also serve as Role Limitations, which means they can be used to limit the rights of a Role assignment. Currently this covers `Subtree of Location` and `Section` Limitations.

`Limitation` represents the value, while `LimitationType` deals with the business logic surrounding how it actually works and is enforced.
`LimitationTypes` have two modes of operation in regards to permission logic (see `eZ\Publish\SPI\Limitation\Type` interface for more info):
Expand Down Expand Up @@ -38,12 +38,12 @@ If a function is absent from the tables below, it means that no Limitations can

#### Content

|Functions|Class|Section|Owner|Node|Subtree|Group|Language|Other Limitations|
|Functions|Content Type|Section|Owner|Location|Subtree of Location|Group|Language|Other Limitations|
|------|------|------|------|------|------|------|------|------|
|read|true|true|true|true|true|true|-|State|
|diff|true|true|true|true|true|-|-|-|
|view_embed|true|true|true|true|true|-|-|-|
|create|true|true|-|true|true|-|true|ParentOwner</br>ParentGroup</br>ParentClass</br>ParentDepth|
|create|true|true|-|true|true|-|true|Owner of Parent</br>Content Type Group of Parent</br>Content Type of Parent</br>Parent Depth|
|edit|true|true|true|true|true|true|true|State|
|manage_locations|true|true|true|-|true|-|-|State|
|hide|true|true|true|true|true|true|true|State|
Expand All @@ -56,13 +56,13 @@ If a function is absent from the tables below, it means that no Limitations can

|Function|Limitations|
|------|------|
|assign|Class</br>Section</br>Owner</br>NewSection|
|assign|Content Type</br>Section</br>Owner</br>NewSection|

#### State

|Function|Limitations|
|------|------|
|assign|Class</br>Section</br>Owner</br>NewSection|
|assign|Content Type</br>Section</br>Owner</br>NewSection|

#### User

Expand Down Expand Up @@ -113,7 +113,7 @@ A Limitation to specify if the User has access to Content with a specific Conten

| | |
|-----------------|--------------------------------------------------------------------------|
| Identifier | `Class` |
| Identifier | `Content Type` |
| Value Class | `eZ\Publish\API\Repository\Values\User\Limitation\ContentTypeLimitation` |
| Type Class | `eZ\Publish\Core\Limitation\ContentTypeLimitationType` |
| Criterion used | `eZ\Publish\API\Repository\Values\Content\Query\Criterion\ContentTypeId` |
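Review bot: The `Identifier` row now holds `Content Type`, a display label containing a space, while the `Value Class` and `Type Class` rows beneath it are unchanged, so a reader will take the code-formatted value as the string to use when creating or matching this Limitation in code. If the identifier the API expects is still `Class`, keep it in this row and give the UI name in a separate row, so that anyone defining Policies programmatically is not pointed at a value that differs from the one the code uses.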
Expand Down Expand Up @@ -149,7 +149,7 @@ A Limitation to specify if the User has access to Content with a specific Locati

| | |
|-----------------|-----------------------------------------------------------------------|
| Identifier | `Node` |
| Identifier | `Location` |
| Value Class | `eZ\Publish\API\Repository\Values\User\Limitation\LocationLimitation` |
| Type Class | `eZ\Publish\Core\Limitation\LocationLimitationType` |
| Criterion used | `eZ\Publish\API\Repository\Values\Content\Query\Criterion\LocationId` |
Expand Down Expand Up @@ -242,11 +242,11 @@ A Limitation to specify that only the owner of the Content item gets the selecte

A Limitation to specify if the User has access to Content whose parent Location contains a specific Content Type, used by `content/create`.

This Limitation combined with `ContentType` Limitation allows you to define business rules like allowing Users to create "Blog Post" within a "Blog." If you also combine it with `ParentOwner` Limitation, you effectively limit access to create Blog Posts in the Users' own Blogs.
This Limitation combined with `ContentType` Limitation allows you to define business rules like allowing Users to create "Blog Post" within a "Blog." If you also combine it with `Owner of Parent` Limitation, you effectively limit access to create Blog Posts in the Users' own Blogs.

| | |
|-----------------|--------------------------------------------------------------------------------|
| Identifier | `ParentClass` |
| Identifier | `Content Type of Parent` |
| Value Class | `eZ\Publish\API\Repository\Values\User\Limitation\ParentContentTypeLimitation` |
| Type Class | `eZ\Publish\Core\Limitation\ParentContentTypeLimitationType` |
| Criterion used | n/a |
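Review bot: In the changed paragraph `ParentOwner` becomes `Owner of Parent`, but `ContentType` Limitation earlier in the same sentence is left untouched, so one sentence now mixes a UI label with a class-style name. Rename it to match (Content Type Limitation) and drop the code formatting from names that are labels, not identifiers, so readers can tell which strings are safe to copy into a Role definition.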
Expand All @@ -258,13 +258,13 @@ This Limitation combined with `ContentType` Limitation allows you to define busi
|------|------|------|
|`<ContentType_id>`|`<ContentType_name>`|All valid Content Type IDs can be set as value(s)|

### ParentDepthLimitation
### Parent Depth Limitation

A Limitation to specify if the User has access to creating Content under a parent Location within a specific depth of the tree, used for `content/create` permission.

| | |
|-----------------|--------------------------------------------------------------------------|
| Identifier | `ParentDepth` |
| Identifier | `Parent Depth` |
| Value Class | `eZ\Publish\API\Repository\Values\User\Limitation\ParentDepthLimitation` |
| Type Class | `eZ\Publish\Core\Limitation\ParentDepthLimitationType` |
| Criterion used | n/a |
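Review bot: Renaming the heading `### ParentDepthLimitation` to `### Parent Depth Limitation` changes the anchor that Markdown renderers derive from the heading text, so existing links to this section from other pages will stop resolving. Check inbound links before merging or keep the old heading text; the `Value Class` row still reads `ParentDepthLimitation`, which is the name a reader coming from the code will search for. The same applies to the other headings renamed in this file.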
Expand All @@ -276,13 +276,13 @@ A Limitation to specify if the User has access to creating Content under a paren
|------|------|------|
|`<int>`|`<int>`|All valid integers can be set as value(s)|

### ParentOwnerLimitation
### Owner of Parent Limitation

A Limitation to specify that only the Users who own all parent Locations of a Content item get a certain access right, used for `content/create` permission.

| | |
|-----------------|--------------------------------------------------------------------------|
| Identifier | `ParentOwner` |
| Identifier | `Owner of Parent` |
| Value Class | `eZ\Publish\API\Repository\Values\User\Limitation\ParentOwnerLimitation` |
| Type Class | `eZ\Publish\Core\Limitation\ParentOwnerLimitationType` |
| Criterion used | n/a |
Expand All @@ -301,7 +301,7 @@ A Limitation to specify that only Users with at least one common *direct* User G

| | |
|-----------------|------------------------------------------------------------------------------|
| Identifier | `ParentGroup` |
| Identifier | `Content Type Group of Parent` |
| Value Class | `eZ\Publish\API\Repository\Values\User\Limitation\ParentUserGroupLimitation` |
| Type Class | `eZ\Publish\Core\Limitation\ParentUserGroupLimitationType` |
| Criterion used | n/a |
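Review bot: `ParentGroup` is replaced with `Content Type Group of Parent`, but the description in the hunk header begins "only Users with at least one common *direct* User G" and the classes are `ParentUserGroupLimitation` and `ParentUserGroupLimitationType`, so the new label names a different concept from the one this Limitation checks. Use a label that refers to the User Group of the parent, and make the same correction in the `create` row of the Content table, where the identical label was introduced. A wrong label here can lead an administrator to believe a Policy is restricted by Content Type Group when it is restricted by User Group.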
Expand Down Expand Up @@ -353,13 +353,13 @@ A Limitation to specify to which SiteAccesses a certain permission applies, used

`SiteAccess` Limitation is deprecated and is not used actively in Public API, but is allowed for being able to read / create Limitations for legacy.

### SubtreeLimitation
### Subtree of Location Limitation

A Limitation to specify if the User has access to Content within a specific subtree, in case of `content/create` the parent subtree is evaluated.
A Limitation to specify if the User has access to Content within a specific Subtree of Location, in case of `content/create` the parent Subtree of Location is evaluated.

| | |
|-----------------|----------------------------------------------------------------------|
| Identifier | `Subtree` |
| Identifier | `Subtree of Location` |
| Value Class | `eZ\Publish\API\Repository\Values\User\Limitation\SubtreeLimitation` |
| Type Class | `eZ\Publish\Core\Limitation\SubtreeLimitationType` |
| Criterion used | `eZ\Publish\API\Repository\Values\Content\Query\Criterion\Subtree` |
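Review bot: The changed description "within a specific Subtree of Location, in case of `content/create` the parent Subtree of Location is evaluated" uses the Limitation's label where the text means the generic subtree of the content tree, which makes the scope of the check harder to read. Keep the label for the Limitation name and heading, leave "subtree" lowercase in running prose, and split the comma splice into two sentences. The `Identifier` row also swaps `Subtree` for the label while `SubtreeLimitation` and the `Subtree` Criterion stay unchanged, so the same identifier-versus-label question applies here.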
18 changes: 9 additions & 9 deletions docs/guide/permissions.md
Expand Up @@ -60,15 +60,15 @@ Note that without eZ Enterprise this setup should not be used, as it will not al

#### Restrict editing to part of the tree

If you want to let the User create or edit Content, but only in one part of the content tree, you need to use Limitations. Three Limitations that could be used here are `Section` Limitation, `Node` Limitation and `Subtree` Limitation.
If you want to let the User create or edit Content, but only in one part of the content tree, you need to use Limitations. Three Limitations that could be used here are `Section` Limitation, `Location` Limitation and `Subtree of Location` Limitation.

Let's assume you have two Folders under your Home: Blog and Articles. You can let a User create Content for the blogs, but not in Articles by adding a `Subtree` Limitation on the Blog Content item. This will allow the User to publish content anywhere under this Location in the structure.
Let's assume you have two Folders under your Home: Blog and Articles. You can let a User create Content for the blogs, but not in Articles by adding a `Subtree of Location` Limitation on the Blog Content item. This will allow the User to publish content anywhere under this Location in the structure.

A `Section` Limitation can be used similarly, but a Section does not have to belong to the same subtree in the content structure, any Locations can be assigned to it.
A `Section` Limitation can be used similarly, but a Section does not have to belong to the same Subtree of Location in the content structure, any Locations can be assigned to it.

If you add a `Node` Limitation and point to the same Location, the User will be able to publish content directly under the selected Location, but not anywhere deeper in its subtree.
If you add a `Location` Limitation and point to the same Location, the User will be able to publish content directly under the selected Location, but not anywhere deeper in its Subtree of Location.

Note that when a Policy has more than one Limitation, all of them have to apply, or the Policy will not work. For example, a `Location` Limitation on Location `1/2` and `Subtree` Limitation on `1/2/55` cannot work together, because no Location can satisfy both those requirements at the same time. If you want to combine more than one Limitation with the *or* relation, not *and*, you can split your Policy in two, each with one of these Limitations.
Note that when a Policy has more than one Limitation, all of them have to apply, or the Policy will not work. For example, a `Location` Limitation on Location `1/2` and `Subtree of Location` Limitation on `1/2/55` cannot work together, because no Location can satisfy both those requirements at the same time. If you want to combine more than one Limitation with the *or* relation, not *and*, you can split your Policy in two, each with one of these Limitations.

#### Multi-file upload

Expand All @@ -81,8 +81,8 @@ To enable upload, you need you set the following permissions:

You can control what Content items can be uploaded and where using Limitations on the `content/create` and `content/publish` Policies.

A Node Limitation limits uploading to a specific Location in the tree. A Class Limitation controls the Content Types that are allowed.
For example, you can set the Node Limitation on a "Pictures" Folder, and add a Class Limitation
A Location Limitation limits uploading to a specific Location in the tree. A Content Type Limitation controls the Content Types that are allowed.
For example, you can set the Location Limitation on a "Pictures" Folder, and add a Content Type Limitation
which only allows Content items of type "Image". This ensures that only files of type "image" can be uploaded,
and only to the "Pictures" Folder.

Expand Down Expand Up @@ -130,7 +130,7 @@ Additional Policies are needed for each section of the Admin.

##### Content Types

- `class/create`, `class/update`, `class/delete` to add, modify and remove Content Types
- `Content Type/create`, `Content Type/update`, `Content Type/delete` to add, modify and remove Content Types

##### Object States

Expand Down Expand Up @@ -171,7 +171,7 @@ Users are treated like other Content, so to create and modify them the User need
|   | `pendinglist` | unused |
|   | `restore` | restore content from Trash |
|   | `cleantrash` | empty the trash |
| `class` | `update` | modify existing Content Types. Also required to create new Content Types |
| `Content Type` | `update` | modify existing Content Types. Also required to create new Content Types |
|   | `create` | create new Content Types. Also required to edit exiting Content Types |
|   | `delete` | delete Content Types |
| `state` | `assign` | assign Object States to Content items |
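Review bot: The module column changes `class` to `Content Type`, yet the other entries in this table (`state`, `update`, `create`, `delete`, `assign`) are lowercase identifiers and the guide writes Policies as `content/create` and `content/publish`. A module name with a space and capitals reads as a UI label, not as the module part of a Policy; keep `class` in the code-formatted column and mention the Content Type label in the description column. The same applies to `Content Type/create`, `Content Type/update`, `Content Type/delete` in the Content Types list earlier in this file. While this table is being touched, "exiting" in the `create` row should read "existing".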
Expand Up @@ -192,8 +192,8 @@ Now add the following Policies to the Contributors Role.
- User/Password
- Content/Read
- Content/Versionread
- Content/Create with Limitations: Class limited to Ride and Landmark Content Types and subtree to the `Member Rides`
- Content/Publish with Limitations: Class limited to Ride and Landmark Content Types and subtree to the `Member Rides`
- Content/Create with Limitations: Content Type limited to Ride and Landmark Content Types and Subtree of Location to the `Member Rides`
- Content/Publish with Limitations: Content Type limited to Ride and Landmark Content Types and Subtree of Location to the `Member Rides`
- Content/Edit with Limitation: Owner limited to `Self`
- Section/View
- Content/Reverserelatedlist
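Review bot: In the two changed bullets, the second clause "and Subtree of Location to the `Member Rides`" has no verb and reads as part of the Content Type restriction. Since this guide states that all Limitations on a Policy have to apply together, spell them out as two Limitations, for example "Content Type limited to Ride and Landmark, and Subtree of Location limited to `Member Rides`", so the reader sets both and does not end up with a Policy that is broader than intended.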