Category Permissions Specifications

The category permission feature is currently being tested in cvs HEAD branch (1.9 cvs).

To assign permissions to a category, go to tiki-admin_categories.php and click the appropriate key icon, which will send you to tiki-categpermissions.php. tiki-categpermissions looks and works very much like tiki-pagepermissions.php.

The current category permission system follows the following rules.
1. Categories are considered objects, just like wiki pages and forums, etc.
2. Permissions assigned to children objects take precedence over permissions assigned to parent objects.
3. If no permissions are assigned to an object, the permissions assigned to the closest ancestor object takes precedence.
4. If no permissions are assigned to an object and any of its ancestor objects, the global permission is considered.
5. In the case where an object belongs to multiple categories, the better-safe-than-sorry approach is taken. If a user lacks a given permission regarding a particular category, that category takes precedence when considering if user has that permission.


Note: Below is an older proposal of how category permissions should be implemented. The actual implementation described above is a bit different.
HOWTO: Assign permissions to all objects of a specified category

After a time looking at so nice program like Tikiwiki is I started looking how could I 'group' objects permissions.

I explain, my intention has been to be able to assign the same permissions to a couple of objects with minimun effort, the nearest thing to that target are Categories, that's the easiest way to group objects inside Tikiwiki but there's no way to apply permissions to Categories so... Here comes the nice things.

The only way you can assign the same permissions to a couple of objects is from direct SQL queries.

Assume we have a Category defined in our Tikiwiki called 'PrivateElements' with a couple of wiki pages on it.
Then we want to easilly assign 'wiki_p_view' permission only to our 'Registered' group on all those pages.

Well, it's possible, after a few looks onto tiki's sources and the database I wrote that query:

INSERT IGNORE INTO `users_objectpermissions` (groupName, permName, objectType, objectId)
SELECT 'Registered', 'tiki_p_view',  'wiki page', MD5(CONCAT(tiki_categorized_objects.type,tiki_categorized_objects.ObjId))
FROM tiki_categorized_objects, tiki_category_objects, tiki_categories
WHERE tiki_categories.name = 'PrivateElements' AND
                tiki_category_objects.categId = tiki_categories.categId AND
                tiki_category_objects.catObjectId = tiki_categorized_objects.catObjectId AND
                tiki_categorized_objects.type = 'wiki page';

What does this do?

This simply searches for all 'wiki page' objects that are into category 'PrivateElements' and inserts a new registry into users_objectpermissions table for group 'Registered', permission 'tiki_p_view' for every object found.

You can easylly adapt that query to your own needs, only change the following:

'Registered' by the group you wish to apply permissions
'tiki_p_view' by the permission you want to give
'wiki_page' (both entries) by the object type you want to search and apply.
'PrivateElements' by the Category you want to search objects for.

Just hope that this helps somebody!

Marc Fargas.

Page last modified on Tuesday 08 June 2004 19:18:24 GMT-0000