HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Calandar security.

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#18972 (In Topic #4409)
SMC
Avatar

Fan in training

Hello again. :D

Is there anyway to configure the calander to not allow anyone but a certain member group to add entries?

OR

Is there a way to make it such that everyone has their own personal calander and you cant subscribe the entire website to your entries? (as you can now)

I did a search on the calander in the tutorial and in the forums.

The tutorial I found said I could do this with the edit category feature but it was kind of vague.  For one thing there is no 'calender' entry in the categories edit page and for another there is no 'edit category' in the calender edit page.

I tried editing the event types and all it lets me edit is the name of the type and the icon.  No access list.

Did this security feature get changed and it just didnt get edited out of the tutorials? Or am I missing something?

Ive looked through my whole site and cant find any other refernces to the calandar besides at the bottom of each member's profile and that one web link on one of the menus.  (Which I have since deleted until we can secure it)

I cant even find a calander module entry to be able to disable it.  I may have to do security through obscurity and just leave it off the menues and hope no one hacks it by doing a direct http.

:(

I was really hoping to use the calander as a front page thing with a block command and be able to keep our users abrest of upcoming events in this way. But if everyone can add to it it would get real messy real quick.  I dont even understand why it doesnt go through the unvalidated submissions code.  I logged in as my generic test user and was able to add a general command, set a reminder and subscribe the entire website to the reminder. :( (Unless I did something wrong and it just looks like I did.)

I guess if I was a paying customer I would petition to get this 'fixed'. :D  Maybe if our paying customer required list gets long enough I can convince my group to pay for it sooner. :D

Back to the top
 
Posted
Rating:
#18977
Avatar

Absolutely anyone can petition for us to change things - we are more likely to listen to the customers, but often the non-customers have perfectly good points that we help our customers if we address.

The problem here is actually support - unfortuately we just can't give support to non-customers because then a large group of people would be disincentived to register. We will fix any problems, and say when things are changing in new versions, and update documentation with necessary though.

Validation is much more consistant in version 3. Permissions are overridable per-content type in version 3 (the calendar events are an example of a content type).

The tutorial I found said I could do this with the edit category feature but it was kind of vague.

I just checked and the calendar tutorial doesn't contain the work 'category'. I think you're looking at the catalogue tutorial by mistake.

No access list.

Think 'Specific permissions'. There's no per-type control, but there are permissions wrt various types of submission members might do.

I cant even find a calander module entry to be able to disable it.

Think 'Page access permissions'. Hint: ?page=calendar in the URL implies a page named calendar is in charge of it.

I was really hoping to use the calander as a front page thing with a block command and be able to keep our users abrest of upcoming events in this way.

It's in 3.

I logged in as my generic test user and was able to add a general command, set a reminder and subscribe the entire website to the reminder.

Just so we won't look bad I will say that for private events, the private event owner cannot set groups to be reminded. ;).


I'm sorry I can't be specific… I hate ignoring questions, but I just honestly can't give a good level of free support or the majority of otherwise-paying users would be happy to not contribute to our wages.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#18981
SMC
Avatar

Fan in training

Thats alright, well, ignore me when you have to. I wont take offense.  I am sure we will be a paying customer soon enough.

I did find the permissions page. No clue how I totally missed that part of the website.  Makes life a lot easier in several respects.

I also some how totally missed the specific permissions page.  I think when I was going through the menus I thought that did something else with the security. That page that pops up the blank white login that says use this if your site is fubar or whatever. (My translation :D)

Btw, for reference, this is the page that I read what I *thought* said there were categories for calenders, hence the reason I was looking for them:

ocPortal Tutorial: Access control and privileges

This area here says: (__ my emphasis for note)

Editing __category__ permissions:

Group access permissions exist for just about any type of __category__ ocPortal provides: from __calendar entry types__ to news categories, you can easily set the group access permissions through the __ category edit page __ . In this example, we'll change the group access permissions for a news category.

Stringing those together and I thought it was talking about using categories to restrict access to the calander entry types.

Anyway, that might confuse someone else unless I just misread something.

Back to the top
 
Posted
Rating:
#18992
Avatar

I can see why that'd be confusing. It's all very abstract, talking in general about how categories access can be done.

In ocPortal 3 though, there's now a single editor, the permission tree editor, which can edit all category permissions. I believe I've updated the documentation for 3 to say that.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: