Page permissions

Modules

Each module (Marketing, Utilities, etc) has a record in the JaduModules table. Modules appear in the top navigation in the Jadu Control Center.

Modules are simply a way of grouping related parts of the CMS, it is not the modules themselves that administrators are assigned to, rather the individual module pages.

Module pages

Module pages relate to actual PHP scripts that administrators can access. Each module page is assigned to a single module and can be viewed by selecting a module from the navigation in the Control Center.

Module page records are stored in the JaduModulePages database table. This table stores the following data:

Column Description
id uniquely identifies the module page
moduleID the module that this particular module page is assigned to
pageURL the URL, relative to the public_html/jadu directory. This is used to generate a link to the page
name the text that will be displayed in the drop-down menu
parentID if a module page is to be displayed in the module drop-down entry then the value should be set to -1. If the module page is not to be displayed in the dropdown menu then it needs to be associated with a page that is. This is commonly used when there are multiple pages that make up a module page (e.g. through a tabbed interface) but only one should show in the menu. In these cases an administrator is assigned to the parent page and whatever rights they have on the parent page are the same as any child pages
workflow determines whether this module page is governed by the workflow module
adminAccessOnly if the value in this field is 0 then the module page will be displayed as normal. If the value is 1 then the module page will not be displayed in a module’s menu however it will still be possible to say whether an administrator has access to the page or not when editing the administrator’s privileges. This is typically used for pages such as the console which appear in the mast rather than in a menu. It is also useful for any additional privileges that need to be granted but are not part of a module page, such as whether an administrator is allowed to assign supplements to content
position this determines the order in which pages are displayed in the menu. Lower numbered pages are displayed before higher numbered pages
pageGroup the menu for each module can be divided into groups of related items. All module pages with the same group number are displayed together and groups are ordered by the number in this field

Administrator permissions

By default an administrator does not have access to any module page in Continuum CMS, they must first be assigned access. Pages are typically assigned to an administrator when the administrator is created and then further refined when the administrator is edited.

The table JaduAdminPageAccess is used to associate an administrator with a particular page. If there is an entry in this table that associates an administrator id with a page id then that administrator will be able to view that page. Conversely, if there is no record in this table associating the administrator with the page then the administrator will have no access.

It is also possible, again with the JaduAdminPageAccess table, to determine whether an administrator is allowed to create, update and delete content on the page in question. A 0 in each of the respective create, update and delete fields corresponds to a user that does not have the permission to perform the respective action.

The permissions of a user can be checked using the deleteContent, updateContent, viewContent and createContent attributes of the `$adminPageAccessPermissions instance.

This variable is defined in public_html/jadu/includes/head.php which is included in every Control Center script.

For example, the body of the following if statements would only be executed if the user currently logged into the Control Center had the correct permissions:

if ($adminPageAccessPermissions->viewContent) {
    // only execute if user has view permission
}

if ($adminPageAccessPermissions->createContent) {
    // only execute if user has create permission
}

if ($adminPageAccessPermissions->updateContent) {
    // only execute if user has update permission
}

if ($adminPageAccessPermissions->deleteContent) {
    // only execute if user has delete permission
}

results matching ""

    No results matching ""