History: Permission Management
Preview of version: 23
A profile would not be very useful if it could not grant rights appropriately for groups. Profiles allow to create groups and to modify the permissions of existing groups using a unified syntax.
The permissions block is a top level block.
Permissions can be set to specific objects as long as the ID is known or it was also created by a profile using Object References. The object type does not have to be supported by Tiki Profiles, but a static ID will have to be provided.
The permissions block is a top level block.
Example
Group Permissions Example
YAML
permissions: Anonymous: allow: [ export_wiki ] Registered: description: Will be ignored because group is already created allow: [ edit, minor ] deny: [ export_wiki ] Moderators: description: Trusted users watching the recent changes to avoid spam allow: [ rollback ] include: [ Registered ]
Group Permissions and Object Permissions Example
YAML
permissions: Anonymous: allow: [ export_wiki ] Registered: description: Will be ignored because group is already created allow: [ edit, minor ] deny: [ export_wiki ] Moderators: description: Trusted users watching the recent changes to avoid spam allow: [ rollback ] include: [ Registered ] objects: - type: forum id: $moderator_discussion_forum allow: [ forum_post, forum_post_topic, forum_read ]
Dynamic group name example
The dynamic groups are useful when Data Channels are used to set-up workspaces. Based on user input or object reference, a dynamic group name can be created and used instead of the simple group name.YAML
mappings: Member: Member ($profileobject:some_ref$) Leader: Leader ($profileobject:some_ref$) permissions: Member: allow: [ view, edit ] Leader: allow: [ view, edit, rollback ]
Permissions can be set to specific objects as long as the ID is known or it was also created by a profile using Object References. The object type does not have to be supported by Tiki Profiles, but a static ID will have to be provided.
Group attributes
Unless mentioned otherwise, these attributes only apply on group creation| Field name | Mandatory | Value |
| description | Group description | |
| allow | List of permissions granted to the group. Permissions are as used in tikiwiki, except initial tiki_p_ is removed. Applies on existing groups. | |
| deny | Negative permissions. Same as allow. Applies on existing groups. | |
| include | Group name or list of included groups. Applies even if the group exists. Will replace the current list of included groups. | |
| autojoin | When enabled, the user running the profile will automatically join the group. | |
| objects | List of objects permissions. (see below) | |
| home | URL of the group home. | |
| theme | Default theme for members. | |
| user_signup | y or n, users can join this group themselves | |
| default_category | Category ID. | |
| user_tracker | Tracker ID. | |
| group_tracker | Tracker ID. | |
| registration_fields | List of tracker fields to display in the registration form. |
Object permissions
| Field name | Mandatory | Value |
| type | yes | Object type, as known in tikiwiki or profiles |
| id | yes | Object ID. |
| allow | Similar to group allow. | |
| deny | Similar to group deny |
Related tool
The YAML Camel for permissions.
You can use Page "PermissionManagement" does not exist to create (most of) the YAML markup you need to create a permissions profile. (Excel 2007)
You can use Page "PermissionManagement" does not exist to create (most of) the YAML markup you need to create a permissions profile. (Excel 2007)
History
Current Profiles
Latest Changes
- test_profile_change
- test_new_personal_blog_and_profile
- test_new_personal_blog_and_profile_vlog_include
- Bootstrap Row and Col Plugin Aliases
- Profile_Test_all_Modules_Test_all_Modules_page
- Bug_Tracker_16
- Bug_Tracker_16
- Profile_Tracker_as_Calendar_page_09
- Tracker_as_Calendar_09
- TikiKart_Product_Include
- Shopping_Cart
- Scheduler_Presets_20
- test_new_personal_blog_and_profile_post3_include
- test_new_personal_blog_and_profile_post2_include
- test_new_personal_blog_and_profile_post1_include
- test_new_personal_blog_and_profile_about_include
- test_new_personal_blog_and_profile_social_include
- R_demo
- Voting_System
- Test_all_tracker_field_types_profile