Loading...
 

Permission Management

A profile would not be very useful if it could not grant rights appropriately for groups. Profiles allow to create groups and to modify the permissions of existing groups using a unified syntax.

The permissions block is a top level block.

For category permissions: create the categories and assign items to them with the category handler. Then give groups permissions on the categories with the permissions handler.

Example


Group Permissions Example

YAML
permissions: Anonymous: allow: [ export_wiki ] Registered: description: Users that are logged in allow: [ edit, minor ] deny: [ export_wiki ] Moderators: description: Trusted users watching the recent changes to avoid spam allow: [ rollback ] include: [ Registered ]




Group Permissions and Object Permissions Example

YAML
permissions: Anonymous: allow: [ export_wiki ] Registered: description: Users that are logged in allow: [ edit, minor ] deny: [ export_wiki ] Moderators: description: Trusted users watching the recent changes to avoid spam allow: [ rollback ] include: [ Registered ] objects: - type: forum id: $moderator_discussion_forum allow: [ forum_post, forum_post_topic, forum_read ]


Dynamic group name examples

The dynamic groups are useful when Data Channels are used to set-up workspaces. Based on user input or object reference, a dynamic group name can be created and used instead of the simple group name.

YAML
mappings: Member: Member ($profileobject:some_ref$) Leader: Leader ($profileobject:some_ref$) permissions: Member: allow: [ view, edit ] Leader: allow: [ view, edit, rollback ]

In the above example, the group respectively named 'Member (ref)' and 'Leader (ref)' will be created if they did not exist (if ref is the input you give in the form)

Permissions can be set to specific objects as long as the ID is known or it was also created by a profile using Object References. The object type does not have to be supported by Tiki Profiles, but a static ID will have to be provided.

Create a group from user input

The example below uses two $profilerequest inputs, one for group name and one for description.

Note: if you have underscore characters in your reference names it will not work (here groupname is good, group_name is not).

YAML
mappings: DummyGroupName: $profilerequest:groupname$Default name$ permissions: DummyGroupName: description: $profilerequest:groupdesc$Default description$ include: [ Registered ] allow: [ search, view_category, wiki_view_attachments, view ]


Group attributes

Unless mentioned otherwise, these attributes only apply on group creation
Field nameMandatoryValue
description Group description
allow List of permissions granted to the group. Permissions are as used in Tiki, except initial tiki_p_ is removed. Applies on existing groups.
deny Negative permissions. Same as allow. Applies on existing groups.
include Group name or list of included groups. Applies even if the group exists. Will replace the current list of included groups.
autojoin When enabled, the user running the profile will automatically join the group.
objects List of objects permissions. (see below)
home URL of the group home.
theme Default theme for members.
user_signup y or n, users can join this group themselves
default_category Category ID.
user_tracker Tracker ID.
group_tracker Tracker ID.
registration_fields List of tracker fields to display in the registration form.


Object permissions

Field nameMandatoryValue
typeyesObject type, as listed on object types
idyesObject ID.
allow Similar to group allow.
deny Similar to group deny








The YAML Camel for permissions.
You can use this spreadsheet" - attatched to this page to create (most of) the YAML markup you need to create a permissions profile. It contained all the tiki perms as of 2008, and allowed assists the creation of a vertical permission stack. (Excel 2007)



Category: Documentation