Help with permissions

I've been reading through the Security document
(http://www.bricolage.cc/docs/current/api/Bric/Securit
y.html) in hopes
of learning about permissions, and I'm stuck.  I'm trying to
do the
following:

 

-I have two desks: edit and publish

-I have two user groups: contributors and publishers (not
including all
the default "All *" groups)

-I have two users: A (a contributor) and B (a publisher)

-All other group areas are default and just have the
"All *" group

-I want to setup my workflow such that a contributor can
recall, create,
edit, and read the edit desk but only view the publish desk

 

First, is this possible?  Second, if so, then how could I go
about doing
it?  I've done a lot of fiddling and I can't seem to figure
this out.  I
haven't been able to get user A to find an existing story or
create a
new one.

 

Thanks in advance!

Alex

 

Apologizes for not keeping up with my list email - some of
this was
answered in other threads.  I do, however, not understand
permissions
from a very fundamental level, so any/all help is greatly
appreciated.

Thanks again!

Alex

-----Original Message-----
From: Alex Loddengaard [mailto:alex.loddengaardredfin.com] 
Sent: Monday, March 17, 2008 2:30 PM
To: userslists.bricolage.cc
Subject: Help with permissions

I've been reading through the Security document
(http://www.bricolage.cc/docs/current/api/Bric/Securit
y.html) in hopes
of learning about permissions, and I'm stuck.  I'm trying to
do the
following:

 

-I have two desks: edit and publish

-I have two user groups: contributors and publishers (not
including all
the default "All *" groups)

-I have two users: A (a contributor) and B (a publisher)

-All other group areas are default and just have the
"All *" group

-I want to setup my workflow such that a contributor can
recall, create,
edit, and read the edit desk but only view the publish desk

 

First, is this possible?  Second, if so, then how could I go
about doing
it?  I've done a lot of fiddling and I can't seem to figure
this out.  I
haven't been able to get user A to find an existing story or
create a
new one.

 

Thanks in advance!

Alex

 

Yeah, my recent thread should address that specifically. 
Maybe David  
can share his hack!

In regards to understanding permissions - not sure where it
was  
posted, but at some point someone gave advice to read the
security  
page about 6 times - then come back  and read it again.  And
then try  
to implement what you want.  And honestly, that's pretty
good advice.

Keep searching this list - I think most arrangements have
been tried  
and questioned - I know I've done quite a few!  And if have
specific  
questions the list doesn't address, then post them.

-Matt


On Mar 17, 2008, at 5:39 PM, Alex Loddengaard wrote:

> Apologizes for not keeping up with my list email - some
of this was
> answered in other threads.  I do, however, not
understand permissions
> from a very fundamental level, so any/all help is
greatly appreciated.
>
> Thanks again!
>
> Alex
>
> -----Original Message-----
> From: Alex Loddengaard [mailto:alex.loddengaardredfin.com]
> Sent: Monday, March 17, 2008 2:30 PM
> To: userslists.bricolage.cc
> Subject: Help with permissions
>
> I've been reading through the Security document
> (http://www.bricolage.cc/docs/current/api/Bric/Securit
y.html) in hopes
> of learning about permissions, and I'm stuck.  I'm
trying to do the
> following:
>
>
>
> -I have two desks: edit and publish
>
> -I have two user groups: contributors and publishers
(not including  
> all
> the default "All *" groups)
>
> -I have two users: A (a contributor) and B (a
publisher)
>
> -All other group areas are default and just have the
"All *" group
>
> -I want to setup my workflow such that a contributor
can recall,  
> create,
> edit, and read the edit desk but only view the publish
desk
>
>
>
> First, is this possible?  Second, if so, then how could
I go about  
> doing
> it?  I've done a lot of fiddling and I can't seem to
figure this  
> out.  I
> haven't been able to get user A to find an existing
story or create a
> new one.
>
>
>
> Thanks in advance!
>
> Alex
>
>
>
>

On 17-Mar-08, at 5:29 PM, Alex Loddengaard wrote:
> First, is this possible?  Second, if so, then how could
I go about  
> doing
> it?  I've done a lot of fiddling and I can't seem to
figure this  
> out.  I
> haven't been able to get user A to find an existing
story or create a
> new one.

I think I just did this yesterday for an instance. Let me do
it again  
and capture the process... will post it shortly.

Phillip.

--
Phillip Smith,
Simplifier of Technology
Community Bandwidth
http://www.community
bandwidth.ca

On Mar 17, 2008, at 18:49, Matt Rolf wrote:

> In regards to understanding permissions - not sure
where it was  
> posted, but at some point someone gave advice to read
the security  
> page about 6 times - then come back  and read it again.
 And then  
> try to implement what you want.  And honestly, that's
pretty good  
> advice.

I always suggest that, because it's what I have to do to
re-learn the  
system whenever I'm doing an implementation.

Best,

David

> I've also typed up a slightly longer version of the
whole thing here:
> http://tinyurl.com/333mma

Phillip, this is awesome. I needed to do basically the same
thing as
your blogger example except for HR and job postings, and
thanks to your
videos it was a piece of cake!

However, while creating new stories works as advertised, my
HR user can
access and edit existing stories in other categories and of
other types.
Though, it can only associate a story with the jobs
category.

Is this the expected behavior?

FYI: Under workflow perms, the HR user has EDIT privileges
for the Story
group. Under desk perms, it has the same privileges as a
standard story
editor.

Chris


--------------------------------

Chris Schults
Web Developer
PCC Natural Markets
206-547-1222 x104
chris.schultspccsea.com
http://www.pccnatura
lmarkets.com 

Hey there Mr. Chris,

Just seeing this now. Stuck in meetings most of today -- but
will give  
this a noodle and respond asap.  

On 16-Apr-08, at 2:48 PM, Schults, Chris wrote:
>> I've also typed up a slightly longer version of the
whole thing here:
>> http://tinyurl.com/333mma
>
> Phillip, this is awesome. I needed to do basically the
same thing as
> your blogger example except for HR and job postings,
and thanks to  
> your
> videos it was a piece of cake!
>
> However, while creating new stories works as
advertised, my HR user  
> can
> access and edit existing stories in other categories
and of other  
> types.
> Though, it can only associate a story with the jobs
category.
>
> Is this the expected behavior?
>
> FYI: Under workflow perms, the HR user has EDIT
privileges for the  
> Story
> group. Under desk perms, it has the same privileges as
a standard  
> story
> editor.
>
> Chris
>
>
> --------------------------------
>
> Chris Schults
> Web Developer
> PCC Natural Markets
> 206-547-1222 x104
> chris.schultspccsea.com
> http://www.pccnatura
lmarkets.com
>
>

--
Phillip Smith,
Simplifier of Technology
Community Bandwidth
http://www.community
bandwidth.ca

Don't miss the Social Tech Training:
www.marsdd.com/socialtechtraining
June 22-24, 2008 in Toronto

On 16-Apr-08, at 2:48 PM, Schults, Chris wrote:
>> I've also typed up a slightly longer version of the
whole thing here:
>> http://tinyurl.com/333mma
>
> Phillip, this is awesome. I needed to do basically the
same thing as
> your blogger example except for HR and job postings,
and thanks to  
> your
> videos it was a piece of cake!
>
> However, while creating new stories works as
advertised, my HR user  
> can
> access and edit existing stories in other categories
and of other  
> types.
> Though, it can only associate a story with the jobs
category.
>
> Is this the expected behavior?
>
> FYI: Under workflow perms, the HR user has EDIT
privileges for the  
> Story
> group. Under desk perms, it has the same privileges as
a standard  
> story
> editor.
>
> Chris


Sorry for the delay here Chris (and many thanks for kicking
the tires!).

I was able to achieve what you're after by setting the
"DEFAULT SITE  
SITE CATEGORY PERMISSIONS" on / to DENY, while leaving
it set to READ  
on /blog/

I'll update that in my notes. Let me know if it works for
you.

Best,

Phillip.

--
Phillip Smith,
Simplifier of Technology
Community Bandwidth