A permission authorizes one role to perform one action on one resource.
A permission always concerns the combination role / action / resource.
Because each user has a role (see Users and Roles), ionize and the developer can always know whether a user is allowed to do something.
A resource can be :
- One backend panel or backend feature,
- One module panel or module feature,
- One given page,
- One given article.
There are 2 families of resources :
Backend : Admin / Module
Concerns the ionize backend authorizations.
For example, being allowed to do the action "edit" on the resource "admin/page" means, for one role, the ability to edit pages through the backend.
For this resource family, if no permission explicitly exists for the role, the action is denied.
These permissions are set through the ionize panel : Settings > Users & Roles, for each role.
The default action on one resource is "access".
Hovering the mouse over a permission name displays the action name and the corresponding resource string.
Elements : Backend & Frontend access to content :
Concerns the content (Pages, Articles, etc.).
For example, being allowed to do the action "edit" on the resource "backend/page/8" means, for one role, the ability to edit the page number 8 through the backend.
For this resource family, authorizations are only checked if a restriction exists on the resource.
That means that if no permission exists on the resource, actions are allowed for everybody.
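The two default behaviours described above (backend resources denied unless granted, content elements open unless restricted), as an added PHP example that is not ionize's own code. The function names, the sample roles and grants, and the "frontend/page/8" resource string are assumptions made for the illustration.

```php
<?php
// Added illustration, not ionize code: all names and data are hypothetical.

// Backend family (admin / module): role => explicit "action|resource" grants.
const BACKEND_GRANTS = [
    'editors' => ['access|admin/page', 'edit|admin/page'],
];

// Elements family: restricted resource => action => roles checked on the element.
// A resource missing from this map carries no restriction.
// "frontend/page/8" is an assumed string; the page only shows "backend/page/8".
const ELEMENT_RESTRICTIONS = [
    'frontend/page/8' => ['access' => ['members']],
    'backend/page/8'  => ['edit' => ['super-admin']],
];

function isElement(string $resource): bool
{
    // Assumed shape: <backend|frontend>/<type>/<numeric id>
    return preg_match('#^(backend|frontend)/[a-z_]+/\d+$#', $resource) === 1;
}

function can(string $role, string $resource, string $action = 'access'): bool
{
    if (isElement($resource)) {
        $restrictions = ELEMENT_RESTRICTIONS;
        if (!array_key_exists($resource, $restrictions)) {
            return true; // no restriction on this resource: allowed for everybody
        }
        // Assumption: on a restricted resource, an action with no role listed is denied.
        return in_array($role, $restrictions[$resource][$action] ?? [], true);
    }
    // Backend family: denied unless a permission explicitly exists for the role.
    $grants = BACKEND_GRANTS;
    return in_array("$action|$resource", $grants[$role] ?? [], true);
}

// Constructed checks: role, resource, action.
$checks = [
    ['editors', 'admin/page', 'edit'],        // explicit backend grant
    ['editors', 'admin/article', 'edit'],     // no backend grant
    ['guests', 'frontend/page/8', 'access'],  // content restricted to members
    ['members', 'frontend/page/8', 'access'],
    ['editors', 'backend/page/8', 'edit'],    // content restricted to super-admin
    ['guests', 'frontend/page/9', 'access'],  // content with no restriction
];
foreach ($checks as [$role, $resource, $action]) {
    $verdict = can($role, $resource, $action) ? 'allow' : 'deny';
    printf("%-8s %-7s %-16s %s\n", $role, $action, $resource, $verdict);
}
```

The last check is the one to audit for: content on which no role was ever checked is reachable by every visitor, so a page meant to be private needs at least one explicit restriction.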
To give frontend users the ability to log in, you can add the user login form to one page view and link it to the 401 page.
Permissions are set on each element which implements permissions.
For example, on the edition panel of a page.
To set permissions on one given page, the user's role must have the permission to ... set permissions on pages !
If no permission is set on a content element (no role checked), everybody has access.
The above illustration shows permissions set to one page.
In this example :
- On frontend : Only logged-in users who have the role "Members" can access this page
- On frontend : Other users will receive a 401 code and see the 401 page (Must login), from the tree : System > 401
- From the backend : only Super Admins will be able to edit this page.
Article permissions work like page permissions.
Once a permission is set, only users who have the given role will be able to edit the articles from the backend or see them on the frontend.
The above illustration shows permissions set to one article.
In this example :
- On frontend : Only logged-in users who have the role "Members" can access this article
- On frontend : The article display will depend on how the view is built.
- From the backend : No restriction on any action for any user on this article
Because articles can be displayed in several ways in one page, ionize lets the developer decide what should be displayed when permission restrictions are set on articles.
When no special display process is set in a view, articles with restrictions are simply not displayed to unauthorized users.
For more information about permissions on articles, see : Tag References > Permissions
Role dependent permissions
Some backend features are only available to one given role.
| Feature | Allowed Role | Backend panel | Reason |
|---|---|---|---|
| Page : Change the page's internal name | super-admin | Page panel, upper right, before the status. | The internal page name can be used in views, to get articles from one given page. Changing this name must only be available to the developer. Example of usage : |
| Article : Change the article's internal name | super-admin | Article panel, upper right of options. | Same as the internal page name |
| PHP Info | super-admin | Settings > Advanced Settings > System | Server's settings data. |