Loading...
 
Features / Usability

Features / Usability

Forum List Topic List

 
Thread actions
PDF Print this page
  • Print all pages

    • Category help

    Posted by Bart Wallace posts: 24 United States

    I believe I'm missing something in category permissions. I'd like to set up categories to allow different groups different access. I've created some categories and am working with the Anonymous group - for now.

    My Anonymous group has only two permissions tiki_p_view_categories & tiki_p_view_categorized.

    I have a category hierarchy of Top::Policy::Information Security::Approved; Top::Policy::Information Security::Draft; Top::Policy::Information Security::Pending. I can see these categories on my wiki with Anonymous.

    When looking at my category hierarchy, I see Policy (0/11) Information Security (0/11) Approved (1/1) Draft (10/10) Pending (0/0). These are referencing wiki pages that have been categorized.

    When I click on the Approved and/or Draft categories, no wiki page even appears.

    Current permissions for the category Top::Policy are: Anonymous/tiki_p_view_categories/X (Remove from this Category & all its Children). Shouldn't this give Anonymous the ability to view the items in the category Top::Policy and all others below it?

    Also, I may have a potential bug. When I choose the category permissions option (button) 'this category only' - I don't see this as listed. Instead I see X (Remove from this Category & all its Children) and NOT (remove from this category only) as shown in the documentation http://doc.tikiwiki.org/tiki-index.php?page=Category+Admin&bl=y#Assigning_permissions_to_categories. It appears the button, 'this category only' is not working for me.

    Can someone offer some help on my confusion/problem?

    I'm using version 2.1 on Apache2/PHP Version 5.1.2 & SLES10

    Thanks,

    Bart

    Reads: 1190
    Link
    Posted by Darren posts: 289 United States

    First clear your Tiki temp cache on the page tiki-admin_system.php. This can be the cause of a lot of category/permission, then report back and let everybody know how you got on.

    It sounds like you have everything set up correctly, although I did note problems where category permissions would only propagate to the first child category below and not any below that. In other words, permisions applied to "Policy" would only propagate to "Information Security", and not "Approved", "Draft", or "Pending", so check those categories in each case.

    Link
    Posted by Bart Wallace posts: 24 United States

    I cleared the cache. Now within Assign permissions I have 5 options on Assign Permissions. Before I had only three: tiki_p_view_categories, tiki_p_edit_categories, tiki_p_admin_categories. Now I have an additional two: tiki_p_view_categorized & tiki_p_edit_categorized. I didn't know I was missing those - but still have the same results!

    Yes, I have verified permissions only propagating down one level - so I set both tiki_p_view_categories & tiki_p_view_categorized at levels Approved, Draft & Pending, but still no luck.

    When I found the extra two permissions on the categories I went back to my Anonymous group and removed all permissions. Then set the permissions within the category as stated above. When I remove these permissions from the group, I can't get at anything on my wiki - it wants a login.

    When I enable the tiki_p_view_categories & categorized on the Anonymous group, I can see Categories, just no pages. If I add tiki_p_view to the group Anonymous, then I can see the page through the category listing. Its as if the category php page is not setting the permissions. My thinking is if I can set the groups permissions within the categories, I shouldn't have to have the same permissions set on the group - should I? Shouldn't those permissions set within the category options show as permissions in the admin group options?

    Link
    Posted by Darren posts: 289 United States

    This might be a stupid question but are you sure your pages are categorized?

    My understanding of the permissions model is that it checks the global permissions first (user group permissions), if the user of a particular user group has sufficient privileges to access a given object then all well and good. If not, the you have to check the special permissions of the category, then of the object itself. If the user doesn't have any of those then it's game over.

    So in your case, you should be able to have it so that anonymous users can't see any wiki pages except those that are in special categories, with the appropriate permissions designated. In general, those permissions need to be tiki_p_view_categories and tiki_p_view_categorized, in other words they need to be able to see the category and the object within the category.

    Link
    Posted by Bart Wallace posts: 24 United States
    Yes, they are categorized. When I choose Admin/Categories and click on Approved, I see one page is categorized. Draft has 10 pages.
    Link
    Posted by Darren posts: 289 United States

    I'm at a bit of a loss then.

    To recap; "Draft", "Pending" and "Approved" categories should all have both tiki_p_view_categories and tiki_p_view_categorized category permissions granted to the anonymous user group. Furthermore, the anonymous user group itself does not have to have tiki_p_view_categories and tiki_p_view_categorized permissions in order to be able to see all pages categorized under the those categories mentioned above. In fact, if you don't give the anonymous user group those permissions they will only be able to see those pages categorized under the 3 categories mentioned (and any categories above, if they too have the appropriate permissions).

    Link
    Posted by Bart Wallace posts: 24 United States
    Yes, that is the way I understand it as well. My system just doesn't seem to be working that way.
    Link
    Posted by Bart Wallace posts: 24 United States
    DarkBee - can you do me a favor? I've been perusing my MySQL database. Can you look at your tables (I'm using phpmyadmin) and particularly tiki_categorized_objects. I only have one field, namely catObjectId. The documentation (http://doc.tikiwiki.org/tiki-index.php?page=Categories+Details&bl=y) leads me to believe I should have more than one, i.e. objId, description, created, etc. I'm wondering if my DB is screwed up. Do you have more than one field in this table?
    Link
    Posted by Darren posts: 289 United States

    Nope, I just have one field too, same as you.

    I'm guessing this table litterly represents which objects have been categorized or not. If the object ID isn't in the table then the object hasn't been categorized. I can't check right now but perhaps I'll be able to have a look later.

    it looks like tiki_category_objects is the table that actually tells you what category each object is in.

    As far as the documentation goes, it's a work in progress, I wouldn't take it as gospel.

    Link
    Posted by Darren posts: 289 United States

    Did you say that you have 5 category permissions, because I only have 4?

    I believe the permissions for version 2.0/2.1 should be:

    • tiki_p_edit_categorized
    • tiki_p_view_categories
    • tiki_p_view_categorized
    • tiki_p_admin_categories


    If you have 5 then your upgrade might not have worked correctly. This might explain why you are:

    1. Having trouble get your category permission to work as they should
    2. Understanding the differences between permissions (because one of the permissions is erroneous)
    Link

    Posted by Rontu posts: 54 Germany
    Current permissions for the category Top
    Policy are: Anonymous/tiki_p_view_categories/X (Remove from this Category & all its Children). Shouldn't this give Anonymous the ability to view the items in the category Top
    Policy and all others below it?


    I think, no. The permission tiki_p_view_categories gives only the right to see the categories itself, but when an anonymopus visitor should be able to see e.g. the categorized wiki page, you must give him the permission tiki_p_view_categorized.

    If you apply the permission for Top::Policy using "give permission to this category and all subcategories", then you give it until Approved, Draft and Pending. If you don't want to do so, choose the other button "permission only for this category".

    Link
    Posted by Bart Wallace posts: 24 United States
    ...but when an anonymopus visitor should be able to see e.g. the categorized wiki page, you must give him the permission tiki_p_view_categorized.

    My Anonymous group has only two permissions tiki_p_view_categories & tiki_p_view_categorized.


    I do have this permission. In fact, the only permissions Anonymous has are these two - which should cover it. No?

    Link

    Posted by Bart Wallace posts: 24 United States

    For those looking for an answer, I was missing something. According to (http://doc.tikiwiki.org/tiki-index.php?page=Upgrade+1.9.x+to+2.0.y&bl=y) you need to set the group permissions for Anonymous. I had gone from 1.9 - 2.0 - 2.1 and my Anonymous group permissions for categories was not set.

    Incidently, I discovered all of this by creating a completely new install with 2.1. When I enabled categories, I still couldn't see them from Anonymous. Once I read the page from above and set the group permissions, things started to make sense. Out of the box, the only permissions set on the group Anonymous was tiki_p_view.

    Setting these group permissions fuction at the global permission level. Setting a permisson at the category level will overwrite (or take precedence) the global permission. But, you already knew that. wink

    Link