Permissions

A permission authorizes one role to perform one action on one resource.

A permission always concerns the combination role / action / resource.

Because each user has a role (see Users and Roles), ionize and the developer can always determine whether a user is allowed to do something.

One resource can be :

  • One backend panel or backend feature,
  • One module panel or module feature,
  • One given page,
  • One given article.

There are 2 families of resources :

Backend : Admin / Module

Concerns the ionize backend authorizations.

For example, being allowed to do the action "edit" on the resource "admin/page" means, for one role, the ability to edit pages through the backend.
For this resource family, if no permission explicitly exists for the role, the action will be denied.

Set permissions

These permissions are set through the ionize panel : Settings > Users & Roles, for each role.

Actions

The default action on one resource is "access".

Ionize backend permissions

Hovering the mouse over a permission name displays the action name and the corresponding resource string.

Elements : Backend & Frontend access to content :

Concerns the content (Pages, Articles, etc.).

For example, being allowed to do the action "edit" on the resource "backend/page/8" means, for one role, the ability to edit page number 8 through the backend.

For this resource family, authorizations are only checked if one restriction exists on this resource.
That means that if no permission exists on this resource, actions will be allowed for everybody.

To give frontend users the ability to log in, you can add the user login form to one page view and link it to the 401 page.

Set permissions

Permissions are set on each element which implements permissions.
For example, on the edit panel of a page.

To set permissions on one given page, the user's role must have the permission to... set permissions on pages!

If no permission is set on one content (no role checked), everybody has access.
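
The different defaults of the two resource families, as an added example that is not part of ionize or of the original page. The function names, the role names, the "delete" action, the "admin/" and "module/" prefixes used to recognise the backend family and the "frontend/page/..." resource strings are assumptions made for the illustration.

```php
<?php
// Added illustration, not ionize code: all names below are hypothetical.
// A rule is one role / action / resource combination, as described above.

// Assumption: backend-family resources start with "admin/" or "module/".
function is_backend_family(string $resource): bool
{
    return strncmp($resource, 'admin/', 6) === 0
        || strncmp($resource, 'module/', 7) === 0;
}

function is_allowed(array $rules, string $role, string $resource, string $action = 'access'): bool
{
    $restricted = false;
    foreach ($rules as [$r_role, $r_action, $r_resource]) {
        if ($r_resource !== $resource) {
            continue;
        }
        $restricted = true; // at least one permission exists on this resource
        if ($r_role === $role && $r_action === $action) {
            return true;    // explicit grant for this role / action / resource
        }
    }
    if (is_backend_family($resource)) {
        return false;       // backend family: no explicit permission means denied
    }
    return !$restricted;    // content family: open to everybody unless restricted
}

// Constructed sample rules (role, action, resource).
$rules = [
    ['editors',     'edit',   'admin/page'],
    ['members',     'access', 'frontend/page/8'],   // assumed frontend resource name
    ['super-admin', 'edit',   'backend/page/8'],
];

$checks = [
    ['editors', 'admin/page',      'edit'],    // explicit backend grant
    ['editors', 'admin/page',      'delete'],  // backend, no rule: denied
    ['guests',  'frontend/page/8', 'access'],  // restricted page: denied (401 page)
    ['guests',  'frontend/page/9', 'access'],  // no restriction: open to everybody
    ['editors', 'backend/page/8',  'edit'],    // restricted to super-admin
    ['editors', 'backend/page/9',  'edit'],    // no restriction on this page
];
foreach ($checks as [$role, $resource, $action]) {
    printf("%-8s %-7s %-16s %s\n", $role, $action, $resource,
        is_allowed($rules, $role, $resource, $action) ? 'allowed' : 'denied');
}
```

The content family fails open: a page or article on which no role is checked is reachable by everybody, so restricted content is worth verifying from a logged-out session once its permissions are set.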

Page permissions

Ionize Permissions on Page

The above illustration shows permissions set to one page.
In this example :

  • On frontend : Only logged-in users who have the role "Members" can access this page
  • On frontend : Other users will receive a 401 code and see the 401 page (Must login), from the tree : System > 401
  • From the backend : only Super Admins will be able to edit this page.

Article permissions

Article permissions work like page permissions.
Once a permission is set on an article, only users who have the given role will be able to edit it from the backend or see it on the frontend.

Ionize permissions on articles

The above illustration shows permissions set to one article.
In this example :

  • On frontend : Only logged-in users who have the role "Members" can access this article
  • On frontend : The article display will depend on how the view is built.
  • From the backend : No restriction on any action for any user on this article

Because articles can be displayed in several ways in one page, ionize lets the developer decide what should be displayed when permission restrictions are set on articles.
When no special display process is set in a view, articles with restrictions will simply not be displayed for unauthorized users.

For more information about permissions on articles, see : Tag References > Permissions

Role dependent permissions

Some backend features are only available for one given role.

Page : Change the page's internal name

  • Allowed role : super-admin
  • Backend panel : Page panel, upper right, before the status.
  • Reason : The internal page name can be used in views, to get articles from one given page. Changing this name must only be available to the developer.

Example of usage :

<ion:page id="news-page">
    <ion:articles>
        ...
    </ion:articles>
</ion:page>

Article : Change the article's internal name

  • Allowed role : super-admin
  • Backend panel : Article panel, upper right of options.
  • Reason : Same as the internal page name.

PHP Info

  • Allowed role : super-admin
  • Backend panel : Settings > Advanced Settings > System
  • Reason : Server's settings data.