Permissions and sections
With the permission (roles) system in Exponential 3 you can very flexibly limit access to different parts of your content. One of the ways to do it is to give limited access to the sections of your site. For example can you have a web shop with articles and products and two groups of persons, where one group of persons can write articles in the "articles" section and the other group updates the products.
To make such a configuration you need to do the next five steps:
- you need to define two sections.
- assign these sections to a different parts of you sitemap tree
- create two different roles (or you can use already existing roles and just change the access policies)
- set up policies for these user roles
- assign these roles to the users.
Define and assign sections
To create a new section you need to go to the sections part of the admin interface in the "Set up" menu box and click the "New" button there. Create two sections: "Articles" and "Products".
To assign the created sections to certain parts of your site you click the "assign" link. You will see the so called "browse" page in which you can select one or more folders (in general any object of any class) to assign the section to. After you select a folder the system will assign the section to that folder and all its children.
Roles setup
Go to the "roles" page. Create a new role with the "New" button. You will be redirected to the role edit page. There you
can set the name for the role and set up policies. To create a new policy for the role you click "New" at the edit page.
Policy creation consist of (at maximum) three steps.
- selecting a module
- selecting a function
- creating limitations for function
Select module
Select the "content" module from the dropdown and click "Allow limited".
Select function
Select the "create" function from the dropdown and click "Allow limited"
Adding limitations to the function
You create "policy limitations" when you want to allow the user to execute a module function with some limitations.
For example a user can read content from section "1" and only articles from that section. "Section 1" and "only articles"
are limitations. So in our case we need to create a limitation policy which will allow users to create objects only in
one section. Depending on what role you are editing now (for article editors or for product editors) you need to select
proper section(s) from the list.
In addition to section limitations you can limit access by classes as well. For example for "article editors" you want to
limit the classes of objects they can create to folders and articles. This is shown in the picture above.
After selecting limitations you click the "Ok" button which will add the policy to the role.
You need to create policies for each function in the "content" module. Create new policies according to the permissions
you want to give to the users that role is assigned to.
To save the role you click the "Apply" button on the "role edit" page. Modifications to the role are not visible for the
system until you save the role.
Now you need to repeat the steps described above for another role ("Product editors"). You must select different
limitation parameters according to the role you are setting up.
Assign these roles to the users
After you have created the roles, you need to assign them to users or user groups. If you are planning to have a couple
of product and article editors it is better to create two user groups and assign the roles to these user groups. After
that any users in these groups will have the roles assigned to them. You can assign roles to users from two places:
From the role/view page or from the role/list page. You are redirected to the role/view page after applying modifications
to the role.
After clicking the "Assign" button you will be redirected to the "browse" page. You can select user groups or users there.
By clicking "select" on that page you assign the role to the selected groups or users.
After assigning roles to the users the configuration is done.
| 
