Vocabulary edition access to non-admin users

I'm currently looking at what options I have to have list selection widgets where the content of the list can be edited by specific users. Using vocabularies seems to be the most obvious choice and I also know from having worked with previous version of Nuxeo that you can make vocabularies editable by non-administrator. This doesn't seem so easy to do with Nuxeo 5.4.2 and 5.5.

I have managed to get the 'Admin center' tag to show by subverting the “admin” action but when I click on the tab as a single user, I get redirected to the Home screen.

This makes me think it's not as it sound and possibly not recommended. But, the alternative, which is creating widgets that pull data from the Nuxeo directory, doesn't seem that easy either, but I figure it would be very straightforward to control access to a portion of the Nuxeo directory dedicated to store information for the drop-down lists.

Have anyone faced the same questions as me? Is there a way to circumvent protections on vocabularies? Is my second alternative more logical?

0 votes

2 answers

1144 views

ANSWER

Funny - I just blogged on the exact same topic today! I would love to see a new security model (and other improvements) for vocabularies where you could achieve what you're looking for without customization! But for now I think that's your only avenue.
01/20/2012

Is your blog public? I'd be happy to read your thought on that. I must admit that vocabularies have been a bit of a thorn on my side since I started developping with Nuxeo.
01/21/2012



I made a custom contribution (see my blog entry on the subject) that adds the Vocabularies tab to all users in a specified group (Vocabulary Managers).

1 votes



Hi,

Nice post, just a small idea: using the syntax "<condition>#{currentUser.isMemberOf("Vocabulary Managers")}</condition>" in the action filter should work too (so you do not need to define a seam component for this test)

01/23/2012

Thanks Anahide :-)
01/23/2012


Hi,

Directories have originally been designed to ease up reuse of content shared by several applications: for instance, you define a test user and groups directory for development, and then use an LDAP directory for production. Or you define a SQL directory to store the list of “subjects” that can be set on your document, using a csv file, but actually in production you'll be using a view of an existing table in another database (that may be shared by several applications). So there is no fine-grained security model on directories for now, and that is why management screens are restricted to administrators: vocabularies, and vocabulary entries are not documents stored in the repository: you cannot benefit from the security model applying to documents.

That being said, Bruce's post does give you a workaround to make this feature available to other users (members of a given group). If we decided to add this kind of feature to the generic platform, we would probably make this configurable somewhere, but we've been thinking of adding a “profile” of “functional administators” to make it reusable in other situations than vocabularies management (still to define).

Last but not least, if you really need fine-grained security over your vocabularies (and want it to be a real security, not just UI tricks), you can also define document types that will hold your vocabulary definitions, and create widget types that would handle retrieval and display of the vocabulary entries (note that there is also room for improvements around directory widgets). You'll have to make sure these vocabularies are initialized correctly, and are visible to all users who would need them to be displayed in a form. I guess this can done fairly easily on a 5.5 version (or even 5.4.2). Page providers and tag nxu:selectItems could be useful.

Hope this helps.

1 votes