8 Replies Latest reply on Aug 5, 2004 11:01 AM by florent Ducroizet

    HtmlBlock permission pattern?

    florent Ducroizet Newbie

      What pattern do you use for a basic HtmlBlock (designed with manageHTML module)
      that would only contain some html page? I thought :: would be enough, but I
      tried also blockname:: and even .*:.*:.* and .*:: without succeeding. Sorry if my request is stupid but could someone help me please this permission problem is really bugging me.
      Like, if I have a client group that should be the only one allowed to view my HtmlBlock, why doesn't :
      (and that's all) work ?
      ...thanks for your help...

        • 1. Re: HtmlBlock permission pattern?
          florent Ducroizet Newbie

          please help!!
          if I set :




          for my HtmlBlock, simply, doesn't it mean that any other group I created that's diff from Anonymous and Admins won't see the block??? is there a reason why it wouldn't work? also, when one logs in, the html module is called, so I can forbid just a page by using "/pathtopage/nameofpage.html::" as a pattern in html module's security, but how do I forbid a HtmlBlock?
          I found the menu example and forum example for permissions in the Wiki and I'd DIE for the HtmlBlock example, pleeeaaase!

          • 2. Re: HtmlBlock permission pattern?
            florent Ducroizet Newbie

            I mean, if I set :




            sorry.

            • 3. Re: HtmlBlock permission pattern?
              florent Ducroizet Newbie

              euh?
              group="" level="READ" pattern="::"
              group="admins" level="READ" pattern=".*:.*:.*"

              • 4. Re: HtmlBlock permission pattern?
                Gary Cuozzo Newbie

                I just brought up a site with nukes and needed to protect a "members" area. Here is what I did:
                1. I defined a group that all users should be a member of to be able to read the members only area.
                2. I created a page with id "/members/index.html and put some content on it
                3. Using the permissions module, I selected the HTML module and added read privs for the group that I defined in step 1. The pattern I used was ".*/members/.*::"

                You may also have to mess around with the priority of the rule. I don't remember 100%, but I may have also defined a lower priority rule that denies everybody access to that resource. My intent there is that if they are in the group, they'll match and be granted access. Otherwise, it will fall back to deny for everybody else.

                Hope that helps,
                gary.

                • 5. Re: HtmlBlock permission pattern?
                  florent Ducroizet Newbie

                  thanks cuoz!
                  - I managed forbidding access to Html content in the main area I think but I still cannot prevent my HtmlBlocks from being seen by everyone...
                  - also, about this pattern you use, does the .*/directory/.* mean any path that would contain "directory" in it? that would be cool :)
                  - what module is used to display my HtmlBlocks? is it the html module? should the pattern mention that block I want to forbid? why doesn't :: forbid the block itself? I'm still confused man.
                  thank you again cuoz, that surely helped!

                  • 6. Re: HtmlBlock permission pattern?
                    Gary Cuozzo Newbie

                    I believe the blocks should work the same way. When you go to permissions, you should see your html modules listed as 'blocks' and I think you can set the same sort of restrictions.

                    Yes, the pattern I used should match any directory with that same name. I believe the patterns are just regular expressions. If you want to learn more, read a bit on regexp's.

                    I think the html block only displays the main content. I think the other areas each have their own "block". On my setup, when I choose "permissions" and it asks to choose a component, there is a heading in the list for "blocks". I think those are the modules.

                    hope that helps,
                    gary.

                    • 7. Re: HtmlBlock permission pattern?
                      florent Ducroizet Newbie

                      thanks gary, I guess I have to struggle more with those patterns, I've tried many tho so if someone would tell me the basic ones I should give to my HtmlBlocks permissions...

                      • 8. Re: HtmlBlock permission pattern?
                        florent Ducroizet Newbie

                        also:

                        - when I modify the permissions of one of my HtmlBlocks with the permission module, it's implicite that the component-pattern will be "mycomponent::", isn't it?

                        and

                        - what are the three regions "reg1:reg2:reg3" of a pattern for htmlBlock component compared to? when I read in the call of secAuthAction: " fileId + "::" " I understand the "/pathIwanttoauthorize/.*::" pattern, but what if I want to forbid the whole block, not only html content? what is the fileId in that case, or what is tested in that case? which module has for instance pattern "nameofblockIwanttoforbid::" ? I tried core module and block module...