A profile would not be very useful if it could not grant rights appropriately for groups. Profiles allow to create groups and to modify the permissions of existing groups using a unified syntax.
The permissions block is a top level block.
For category permissions: create the categories and assign items to them with the category handler. Then give groups permissions on the categories with the permissions handler.
In the above example, the group respectively named 'Member (ref)' and 'Leader (ref)' will be created if they did not exist (if ref is the input you give in the form)
Permissions can be set to specific objects as long as the ID is known or it was also created by a profile using Object References. The object type does not have to be supported by Tiki Profiles, but a static ID will have to be provided.
Note: if you have underscore characters in your reference names it will not work (here groupname is good, group_name is not).
The permissions block is a top level block.
For category permissions: create the categories and assign items to them with the category handler. Then give groups permissions on the categories with the permissions handler.
Example
Group Permissions Example
permissions: Anonymous: allow: [ export_wiki ] Registered: description: Users that are logged in allow: [ edit, minor ] deny: [ export_wiki ] Moderators: description: Trusted users watching the recent changes to avoid spam allow: [ rollback ] include: [ Registered ]
Group Permissions and Object Permissions Example
permissions: Anonymous: allow: [ export_wiki ] Registered: description: Users that are logged in allow: [ edit, minor ] deny: [ export_wiki ] Moderators: description: Trusted users watching the recent changes to avoid spam allow: [ rollback ] include: [ Registered ] objects: - type: forum id: $moderator_discussion_forum allow: [ forum_post, forum_post_topic, forum_read ]
Dynamic group name examples
The dynamic groups are useful when Data Channels are used to set-up workspaces. Based on user input or object reference, a dynamic group name can be created and used instead of the simple group name.mappings: Member: Member ($profileobject:some_ref$) Leader: Leader ($profileobject:some_ref$) permissions: Member: allow: [ view, edit ] Leader: allow: [ view, edit, rollback ]
In the above example, the group respectively named 'Member (ref)' and 'Leader (ref)' will be created if they did not exist (if ref is the input you give in the form)
Permissions can be set to specific objects as long as the ID is known or it was also created by a profile using Object References. The object type does not have to be supported by Tiki Profiles, but a static ID will have to be provided.
Create a group from user input
The example below uses two $profilerequest inputs, one for group name and one for description.Note: if you have underscore characters in your reference names it will not work (here groupname is good, group_name is not).
mappings: DummyGroupName: $profilerequest:groupname$Default name$ permissions: DummyGroupName: description: $profilerequest:groupdesc$Default description$ include: [ Registered ] allow: [ search, view_category, wiki_view_attachments, view ]
Group attributes
Unless mentioned otherwise, these attributes only apply on group creationField name | Mandatory | Value |
description | Group description | |
allow | List of permissions granted to the group. Permissions are as used in Tiki, except initial tiki_p_ is removed. Applies on existing groups. | |
deny | Negative permissions. Same as allow. Applies on existing groups. | |
include | Group name or list of included groups. Applies even if the group exists. Will replace the current list of included groups. | |
autojoin | When enabled, the user running the profile will automatically join the group. | |
objects | List of objects permissions. (see below) | |
home | URL of the group home. | |
theme | Default theme for members. | |
user_signup | y or n, users can join this group themselves | |
default_category | Category ID. | |
user_tracker | Tracker ID. | |
group_tracker | Tracker ID. | |
registration_fields | List of tracker fields to display in the registration form. |
Object permissions
Field name | Mandatory | Value |
type | yes | Object type, as listed on object types |
id | yes | Object ID. |
allow | Similar to group allow. | |
deny | Similar to group deny |
Related tool
The YAML Camel for permissions.
You can use this spreadsheet" - attatched to this page to create (most of) the YAML markup you need to create a permissions profile. It contained all the tiki perms as of 2008, and allowed assists the creation of a vertical permission stack. (Excel 2007)
You can use this spreadsheet" - attatched to this page to create (most of) the YAML markup you need to create a permissions profile. It contained all the tiki perms as of 2008, and allowed assists the creation of a vertical permission stack. (Excel 2007)