This is just a placeholder site for Composr CMS 11 beta. It will become the new homesite once version 11 reaches stable. For the current v10 homesite, click here. Please also use the v10 tracker to report v11 issues.
Permissions / Privileges
These FAQs briefly summarise key points on how Composr's permissions and privileges systems work.
What is the difference between access permissions and privileges in Composr?
Answer
Access permissions control whether members of a certain usergroup can view specific areas of your site, such as zones, pages, and categories. A member only needs one of their usergroups to have access permission to view the content. But permissions work on a deny-first policy; if one of the permissions applicable to viewing something is denied for a usergroup, then the whole thing is denied for that usergroup (e.g. even if a download itself grants access, access will be denied if its category denies access).
Privileges, on the other hand, dictate what actions a usergroup is allowed to perform across the website, like using advanced Comcode or bypassing the word filter.
How can I control who can view specific pages or categories?
Answer
You can manage access control for zones, pages, and categories primarily through the Permissions Tree Editor (Admin Zone > Security > Permissions Tree Editor). This tool provides a central location to set view permissions for different usergroups. You can also edit individual zone and category permissions through their respective editing interfaces, but the Permissions Tree Editor offers a more streamlined and efficient approach.
What are match-key permissions and why would I use them?
Answer
Match-key permissions provide a more granular level of access control beyond the standard zone, page, and category permissions. They allow you to restrict access based on specific "match-keys", which are unique identifiers for different actions or content within Composr. For instance, you could use match-key permissions to prevent guests from submitting banners or to restrict access to the member directory for all but specific usergroups. You can also specify custom access denied errors for each match-key.
A "match-key" is typically a page-link, such as cms:cms_banners:add.
Can I display different content to different usergroups?
Answer
Yes, you can achieve this by leveraging Tempcode within your templates. By using conditional statements like {$IS_IN_GROUP} and {$HAS_PRIVILEGE}, you can show or hide specific content sections based on the user's group membership or privileges. This technique allows you to "tease" premium content to non-paying users or tailor the user experience based on their access level.
How can I test if my permission settings are working correctly?
Answer
Composr's "SU" feature allows administrators to temporarily assume the identity of another user, enabling you to experience the site as they would. Simply enter the desired username in the "SU" box in the footer. You can also use "Guest" to browse as an unauthenticated visitor. Remember that using "SU" doesn't accurately reflect online status and retains administrator access to sensitive areas.
What are some useful tools for debugging permission issues?
Answer
Composr provides a couple of tools to help pinpoint permission problems:
FirePHP: This browser add-on allows you to view detailed logs of permission checks performed by Composr. By analyzing these logs, you can identify which checks are failing and adjust your settings accordingly.
Permission Check Logging: Enable logging of failed permission checks to a file (data_custom/permission_checks.log). This provides a persistent record of permission issues that you can review and troubleshoot.
What are some security considerations regarding super-moderators and super-administrators?
Answer
While super-moderators have extensive access to manage your site, certain sensitive privileges are reserved for super-administrators. This includes the ability to impersonate other users, execute arbitrary code, and view private content. These restrictions help prevent potential privilege escalation and ensure the overall security of your website. Exercise caution when granting super-moderator status and trust only reliable individuals.
What happens when I add a new usergroup to a third-party forum integrated with Composr?
Answer
If you are not using Conversr as your forum, Composr won't automatically assign any permissions to the new usergroup. To rectify this, you can use the "Absorb usergroup-permissions" feature in the Admin Zone. This tool allows you to copy the permissions from an existing usergroup to the newly created one, ensuring consistent access and functionality.