I run a TYPO3 mulitroot installation with about 20 domains.
We have a problem, that always a user creates a new page, it has the wrong group and I have to change the group in "Access".
User1 has Group1
User2 has Group1
User1 creates a new page (Page1).
this page grants Access for User1 and Group2 ( User1 does not have permission for Group2!!)
User2 does not have Access for Page1
User1, and User2 are no admins
why has Page1 the default Group2??
can you help?
You can set ownership in TSconfig for pages:
[PIDinRootline = 20]
TCEMAIN.permissions {
userid = 12
groupid = 23
}
[GLOBAL]
Explanation: All subpages of page id=20 get ownership of user id=12 and group id=23.
Maybe you have some broken page / user tsconfig settings, you should check especially for TCEMAIN.permissions, see https://docs.typo3.org/typo3cms/TSconfigReference/PageTsconfig/TceMain.html#permissions for more details.
Related
TYPO3 9.5.22
I have a TYPO3 based site with a number of department related subtrees, D1, D2, D3.
Users of department D1 are in backend group D1 and can work in the D1 Subtree via a DB mount.
Users of department D2 are in backend group D2 and can work in the D2 Subtree via a DB mount.
If a user U1D1 (Member of Group D1) creates a page in the D1 subtree, the page group owndership by the "admins" group.
This means that U2D1 can not edit pages of U1D1.
What do I have to do so pages created by U1D1 belong to group D1 instead of admins?
Any help would be greatly appreciated.
Usually, a new page would get the main usergroup of a user (probably "admin" in your case).
You can override that by setting TCEMAIN.permissions.groupid in PageTS on the specific pagetree. https://docs.typo3.org/m/typo3/reference-tsconfig/master/en-us/PageTsconfig/TceMain.html#groupid
Don't hesitate to ask if you are unsure how to add it for a specific page tree.
You can use the TYPO3 mechanism for setting default values for single fields of a record. in this case the records are pages and the default value in question is the group the page should belong to.
In case you have a complex system of user groups where multiple groups should be able to share access to the same pages it's helpful to introduce a helper group which is subgroup of the groups assigned to the users (typical for LDAP connections). in this way you have groups which own the pages, and multiple parent groups which include the owner groups.
As new pages are assigned the primary user group by default, you end up in a chaos which pages can be edited by which user. Especially if admins are involved too. Here it is necessary to assign clearly the owner group to any new pages.
more Info on the settings can be found in this SQ answer:
https://stackoverflow.com/a/60072878/6796354
You can adjust the ownership and access rights on the access-page
What is the best way to separate assets in a multi site TYPO3 9.5 setup. So editors of site A do not have access to the assets of site B and vice versa. But editors with permissions to edit both sites, should have access to the assets of site A and B.
In general: try to avoid assigning anything to users directly.
Try to assign rights, acccess to BE usergroups. so you have roles which can be granted to individuals. and if someone has multiple roles he gets multiple usergroups and has the compound rights.
Be aware of some drawbacks you will not be able to avoid:
if a user has access to multiple filemounts (because of different roles) he can use these cross over.
In your case: if an user has access to filemount A for site A and filemount B for site B he also can use a file from A in the pages of B. Other editors with only access to site B may have problems to edit this.
Creating new pages might hide the new pages for other users. as TYPO3 uses a similar system of rights like the unix file system you must ensure that new pages have the correct group so other members of the group can access these pages. as normaly the first group is taken it might be the group of the other site. give all pages a default group with TSconfig in the root pages of the different sites.
.
TCEMAIN.permissions {
# the id if the BE usergroup who should be able to edit pages in this tree
groupid = 13
# now the rights for owner, group, world (1)
user = 31
group = 19
everybody = 1
}
(1) the rights are assigned bitwise:
2^0 = 1 = show page (show/Copy page and content)
2^1 = 2 = edit page (Change/Move page, eg. change page title)
2^2 = 4 = delete page (delete page or content)
2^3 = 8 = new pages (create new pages under this page)
2^4 = 16 = edit content (change/ add/ delete/ move content)
I get a user's JID,i want to get the group info that the user has joined by user JID.
Can someone help me ?Please.
Depending on which storage type you are using in there (CoreData/Memory) - the 'groups' field on the user (XMPPUserCoreDataStorageObject) is a 1:m relation to the groups (XMPPGroupCoreDataStorageObject) of that user, and each group also has a 1:m relation to users (group.users).
So you should be able to get the user object via the jid of that user ([xmppRosterStorage userForJID:jid ...]), and from there, get the groups (user.groups).
I have created Closed User Groupe My_CUG in crx and added some users user1 and user2. I would like to get the user registered in My_CUG and their email. How can I Access My_CUG programmatically?
You can do that in the following way -
If you group name is "My_CUG" then you can resolve the corresponding group object by using the correct admin privileges -
Session adminSession = resourceResolver.adaptTo(Session.class);
UserManager um = AccessControlUtil.getUserManager(adminSession);
Group naGrp = (Group) um.getAuthorizable("My_CUG");
Now you can add any user (user1) to this group by -
naGrp.addMember(user1_Object);
Hope this solves your problem.
I have created an Organization which has four user groups. I want to restrict the user group to view the file uploaded by the other user group.
i.e
Organization 1
User Group 1
A
B
User Group 2
C
D
User Group 3
E
F
User Group 4
G
H
I am using CustomLanding hook to land on the organization page.
From above, If A uploads a document, it can be viewed only by B in user group 1.
Like the same I want to restrict the viewable condition to other groups also.
Please guide me to achieve this.
Regards,
Dinesh.
you can create different roles for the user and apply permission for role.
Instead of taking as user group with in organization we have teams. you can try with teams.