CX_props_eventstorestrict_text.txt CalendarX 0.5.3(dev) March 26 2005 (last modified for CalendarX 0.5.1) by +lupa+ (lupaz on sf.net, lupa at zurven dot com) Released under the GPL (see LICENSE.txt) Instructions for properties in CX_props_eventstorestrict. Use the Properties tab to adjust the attributes of the calendar as available. This property sheet controls what events will be restricted from showing up on the calendar according to the User's roles, group membership or username. You can restrict events according to path, review state, Subject categories, Event type, and/or a list of Creators. In brief, CalendarX applies the 'events to allow' properties first to gather a list of events, and then looks at the User and these properties to see how that original list should be further restricted for security. This is a long property sheet. It is broken down as follows: #1 Types , restricted or allowable by Roles, Users, Groups #2 Subjects , restricted or allowable by Roles, Users, Groups #3 Paths , restricted or allowable by Roles, Users, Groups #4 Creators , restricted or allowable by Roles, Users, Groups #5 Review States, restricted or allowable by Roles, Users, Groups There are six ways of restricting each, and three properties to control each way, making a total of 90 properties on this sheet. Please take care to set your calendar up appropriately if relying on these properties for secure access to any sensitive information. And if you're really concerned about security, remember that John Ashcroft is looking for a job :) === List of Attributes === title string Leave this title attribute alone. #1a TYPES restricted by ROLES disallowTypesForRoles boolean listOfDisallowedTypesForRoles lines listOfDisallowedRolesForTypes lines Together, these three properties restrict the TYPE of event according to the roles of the User. A typical use of this would be in an organization that runs a public website, but wants a type of Events ('Member Event') that are only visible to Members (those who have joined and are logged in to the site). To do this, simply put 'Member Event' in the listOfDisallowedTypesForRoles list, add 'Anonymous' to the listOfDisallowedRolesForTypes list, and check the property to enable disallowTypesForRoles. Now the calendar will check the role of the current User before displaying any 'Member Event'. NOTE: Double check to make sure that you correctly spell and capitalize the names of the Types and the Roles that you use here, or else they will not properly match the values stored in the catalog, and will not properly restrict these events as intended. #1b TYPES allowable by ROLES allowTypesOnlyForRoles boolean listOfAllowedTypesOnlyForRoles lines listOfAllowedRolesOnlyForTypes lines Together, these three properties enable you to allow certain Types of events ONLY for Users with certain roles. A typical use of this would be in an organization that runs a public website, but wants its Staff people to be able to see Staff Events that are only visible to Staff members (those given a Staff role). To do this, simply put 'Staff Event' in the listOfDisallowedTypesForRoles list, add 'Staff' to the listOfDisallowedRolesForTypes list, and check the property for disallowTypesForRoles. #1c TYPES restricted by USERS disallowTypesForUsers boolean listOfDisallowedTypesForUsers lines listOfDisallowedUsersForTypes lines Together, these three properties restrict the TYPE of event according to the identity of the specific User visiting the calendar. List the Types you want to restrict in the listOfDisallowedTypesForUsers property. List the Users (usernames) that should be kept away from these Types in the listOfDisallowedUsersOnlyForTypes property. #1d TYPES allowable by USERS allowTypesOnlyForUsers boolean listOfAllowedTypesOnlyForUsers lines listOfAllowedUsersOnlyForTypes lines Together, these three properties enable you to allow certain Types of events ONLY for certain Users. List the Types you want to allow in the listOfAllowedTypesOnlyForUsers property. List the Users (usernames) who should have access to these Types in the listOfAllowedUsersOnlyForTypes property. #1e TYPES restricted by GROUPS disallowTypesForGroups boolean listOfDisallowedTypesForGroups lines listOfDisallowedGroupsForTypes lines Together, these three properties restrict the TYPE of event according to the group memberships of the specific User visiting the calendar. List the Types you want to restrict in the listOfDisallowedTypesForGroups property. List the Group names who should be kept away from these Types in the listOfDisallowedUsersOnlyForGroups property. #1f TYPES allowable by GROUPS allowTypesOnlyForGroups boolean listOfAllowedTypesOnlyForGroups lines listOfAllowedGroupsOnlyForTypes lines Together, these three properties enable you to allow certain Types of events ONLY for members of certain groups. List the Types you want to allow in the listOfAllowedTypesOnlyForGroups property. List the Group names that should have access to these types in the listOfAllowedGroupsOnlyForTypes property. #2a SUBJECTS restricted by ROLES disallowSubjectsForRoles boolean listOfDisallowedSubjectsForRoles lines listOfDisallowedRolesForSubjects lines Together, these three properties restrict events with certain Subjects according to the roles of the specific User visiting the calendar. List the Subjects you want to restrict in the listOfDisallowedSubjectsForRoles property. List the Roles that should be kept away from these Subjects in the listOfDisallowedRolesForSubjects property. #2b SUBJECTS allowable by ROLES allowSubjectsOnlyForRoles boolean listOfAllowedSubjectsOnlyForRoles lines listOfAllowedRolesOnlyForSubjects lines Together, these three properties enable you to allow events with certain Subjects to be shown ONLY for members with certain Roles. List the Subjects you want to allow in the listOfAllowedSubjectsOnlyForRoles property. List the Roles that should have access to these Subjects in the listOfAllowedRolesOnlyForSubjects property. #2c SUBJECTS restricted by USERS disallowSubjectsForUsers boolean listOfDisallowedSubjectsForUsers lines listOfDisallowedUsersForSubjects lines Together, these three properties restrict events with certain Subjects according to the username of the specific User visiting the calendar. List the Subjects you want to restrict in the listOfDisallowedSubjectsForUsers property. List the Roles that should be kept away from these Subjects in the listOfDisallowedUsersForSubjects property. Use case: You know that annoying guy from marketing that the VP put on your product development team? Well with this tool, now he really won't know about the meetings... just list his username here along with the Subject 'Product Development Meeting', and he'll never know what hit him. Just remember to take him back off the list right after each meeting, so he won't suspect anything. Then complain that he's a slacker who keeps missing the meetings... he'll be gone in no time. #2d SUBJECTS allowable by USERS allowSubjectsOnlyForUsers boolean listOfAllowedSubjectsOnlyForUsers lines listOfAllowedUsersOnlyForSubjects lines Together, these three properties enable you to allow events with certain Subjects to be shown ONLY for certain Users. List the Subjects you want to allow in the listOfAllowedSubjectsOnlyForUsers property. List the Usernames that should have access to these Subjects in the listOfAllowedUsersOnlyForSubjects property. #2e SUBJECTS restricted by GROUPS disallowSubjectsForGroups boolean listOfDisallowedSubjectsForGroups lines listOfDisallowedGroupsForSubjects lines Together, these three properties restrict events with certain Subjects according to the Group memberships of the specific User. List the Subjects you want to restrict in the listOfDisallowedSubjectsForGroups property. List the Groups that should be kept away from these Subjects in the listOfDisallowedGroupsForSubjects property. Note: Groupnames here do NOT need the prefix that Plone puts on groups. Groups in Plone are a type of user, and as such simply have a prefix at the beginning of the name. So for a 'staff' group, this usually shows up in the catalog as 'group_staff', where 'group_' is the prefix. Don't use the prefix here... just say 'staff' because CalendarX strips off the prefix internally. #2f SUBJECTS allowable by GROUPS allowSubjectsOnlyForGroups boolean listOfAllowedSubjectsOnlyForGroups lines listOfAllowedGroupsOnlyForSubjects lines Together, these three properties enable you to allow events with certain Subjects to be shown ONLY for certain Users belonging to certain Groups. List the Subjects you want to allow in the listOfAllowedSubjectsOnlyForGroups property. List the Groupnames that should have access to these Subjects in the listOfAllowedGroupsOnlyForSubjects property. #3a PATHS restricted by ROLES disallowPathsForRoles boolean listOfDisallowedPathsForRoles lines listOfDisallowedRolesForPaths lines Together, these three properties restrict events located in certain folder paths according to the roles of the specific User visiting the calendar. List the folder paths you want to restrict in the listOfDisallowedPathsForRoles property. List the Roles that should be kept away from these folder paths in the listOfDisallowedRolesForPaths property. Note: To use this feature, you must use a full path exactly as found in your path index. Two examples: /clients/companyplonesite/Members/fred /clients/companyplonesite/staff These two paths represent folders where Events can be stored that will be kept away from certain users using these properties. Also folders deeper than this (subfolders of /staff, for example) will also be disallowed. If you are having any trouble with this property, please go to the portal_catalog, click on the Catalog tab, and find one of the events that *should* show up on the calendar. Look near the bottom of the page to see what path is being indexed by the "path" index, and use that as the path to the folder that you will use in listOfPaths. In the future of CalendarX (this branch), we'll change this so that you only need to use the path from the portal root ('/staff'). #3b PATHS allowable by ROLES allowPathsOnlyForRoles boolean listOfAllowedPathsOnlyForRoles lines listOfAllowedRolesOnlyForPaths lines Together, these three properties enable you to allow events located in certain folder paths to be shown ONLY for members with certain Roles. List the folder paths you want to allow in the listOfAllowedPathsOnlyForRoles property. List the Roles that should have access to these folder paths in the listOfAllowedRolesOnlyForPaths property. Use Case: This is a good supplement to some of Plone's built in security methods that are not implemented fully. An example is setting up a Plone Folder with an id of 'staff', and then creating a user group called 'Staff', and in the Security tab of your portal, you create a new Role also called 'Staff'. In acl_users, you assign the new 'Staff' role to the new 'Staff' group. And finally, in the '/staff' folder, you set up a local role (using the Sharing tab in Plone) for the 'staff' group as Owner or Manager. This *should* be enough. This will work for most other security uses now, in that anyone NOT belonging to the Staff group can't see the /staff folder, and can't access the contents. But unfortunately, Events placed in the /staff folder will still show up on the calendar for everyone to see. Of course, if a non-staff user clicks on one of those Events in the /staff folder they will be denied by the Plone security mechanism, but the unfortunate part of this is that Plone's security is missing a proper check on folder security for content within the folder. The Plone core developers know about this problem (see http://plone.org/development/plips/16 for more information about it... it's a problem with the way the portal_catalog keeps track of security) and it should be fixed by Plone 2.1 or so. Meanwhile, to keep CalendarX from showing these staff events to non-staff, simply put '/myportal/staff' in the listOfAllowedPathsOnlyForRoles list, and put 'staff' in the listOfAllowedRolesOnlyForPaths list. Now ONLY staff will have these events show up on their calendar... everyone else will be spared the agony of staff meetings. #3c PATHS restricted by USERS disallowPathsForUsers boolean listOfDisallowedPathsForUsers lines listOfDisallowedUsersForPaths lines Together, these three properties restrict events located in certain folder paths according to the username of the specific User visiting the calendar. List the folder paths you want to restrict in the listOfDisallowedPathsForUsers property. List the usernames that should be kept away from these folder paths in the listOfDisallowedUsersForPaths property. #3d PATHS allowable by USERS allowPathsOnlyForUsers boolean listOfAllowedPathsOnlyForUsers lines listOfAllowedUsersOnlyForPaths lines Together, these three properties enable you to allow events located in certain folder paths to be shown ONLY for members with certain usernames. List the folder paths you want to allow in the listOfAllowedPathsOnlyForUsers property. List the usernames that should have access to these folder paths in the listOfAllowedUsersOnlyForPaths property. #3e PATHS restricted by GROUPS disallowPathsForGroups boolean listOfDisallowedPathsForGroups lines listOfDisallowedGroupsForPaths lines Together, these three properties restrict events located in certain folder paths according to the Group memberships of the specific User visiting the calendar. List the folder paths you want to restrict in the listOfDisallowedPathsForGroups property. List the Group names that should be kept away from these folder paths in the listOfDisallowedGroupsForPaths property. #3f PATHS allowable by GROUPS allowPathsOnlyForGroups boolean listOfAllowedPathsOnlyForGroups lines listOfAllowedGroupsOnlyForPaths lines Together, these three properties enable you to allow events located in certain folder paths to be shown ONLY for members belonging to certain Groups. List the folder paths you want to allow in the listOfAllowedPathsOnlyForGroups property. List the Group names that should have access to these folder paths in the listOfAllowedGroupsOnlyForPaths property. #4a CREATORS restricted by ROLES disallowCreatorsForRoles:boolean listOfDisallowedCreatorsForRoles:lines listOfDisallowedRolesForCreators:lines Together, these three properties restrict events created by certain users (the Creator of those events) according to the roles of the specific User visiting the calendar. List the Creators you want to restrict in the listOfDisallowedCreatorsForRoles property. List the Roles that should be kept away from the events originated by these Creators in the listOfDisallowedRolesForCreators property. #4b CREATORS allowable by ROLES allowCreatorsOnlyForRoles:boolean listOfAllowedCreatorsOnlyForRoles:lines listOfAllowedRolesOnlyForCreators:lines Together, these three properties enable you to allow events created by certain users to be shown ONLY for members with certain Roles. List the Creators you want to allow in the listOfAllowedCreatorsOnlyForRoles property. List the Roles that should have access to these Creators' events in the listOfAllowedRolesOnlyForCreators property. #4c CREATORS restricted by USERS disallowCreatorsForUsers:boolean listOfDisallowedCreatorsForUsers:lines listOfDisallowedUsersForCreators:lines Together, these three properties restrict events created by certain users (the Creator of those events) according to the username of the specific User visiting the calendar. List the Creators you want to restrict in the listOfDisallowedCreatorsForUsers property. List the usernames that should be kept away from the events originated by these Creators in the listOfDisallowedUsersForCreators property. #4d CREATORS allowable by USERS allowCreatorsOnlyForUsers:boolean listOfAllowedCreatorsOnlyForUsers:lines listOfAllowedUsersOnlyForCreators:lines Together, these three properties enable you to allow events created by certain users (the Creator of those events) to be shown ONLY for members with certain usernames. List the Creators you want to allow in the listOfAllowedCreatorsOnlyForUsers property. List the usernames that should have access to the events originated by these Creators in the listOfAllowedUsersOnlyForCreators property. #4e CREATORS restricted by GROUPS disallowCreatorsForGroups:boolean listOfDisallowedCreatorsForGroups:lines listOfDisallowedGroupsForCreators:lines Together, these three properties restrict events created by certain users (Creator of those events) according to the Group memberships of the specific User visiting the calendar. List the Creators you want to restrict in the listOfDisallowedCreatorsForGroups property. List the Group names that should be kept away from the events originated by these Creators in the listOfDisallowedGroupsForCreators property. #4f CREATORS allowable by GROUPS allowCreatorsOnlyForGroups:boolean listOfAllowedCreatorsOnlyForGroups:lines listOfAllowedGroupsOnlyForCreators:lines Together, these three properties enable you to allow events created by certain users to be shown ONLY for members belonging to certain Groups. List the folder paths you want to allow in the listOfAllowedCreatorsOnlyForGroups property. List the Group names that should have access to the events originated by these Creators in the listOfAllowedGroupsOnlyForCreators property. #5a STATES restricted by ROLES disallowStatesForRoles:boolean listOfDisallowedStatesForRoles:lines listOfDisallowedRolesForStates:lines Together, these three properties restrict events with certain review states according to the roles of the specific User visiting the calendar. List the review states you want to restrict in the listOfDisallowedStatesForRoles property. List the Roles that should be kept away from the events with these review states in the listOfDisallowedRolesForStates property. #5b STATES allowable by ROLES allowStatesOnlyForRoles:boolean listOfAllowedStatesOnlyForRoles:lines listOfAllowedRolesOnlyForStates:lines Together, these three properties enable you to allow events with certain review states to be shown ONLY for members with certain Roles. List the review states you want to allow in the listOfAllowedStatesOnlyForRoles property. List the Roles that should have access to the events with these review states in the listOfAllowedRolesOnlyForStates property. #5c STATES restricted by USERS disallowStatesForUsers:boolean listOfDisallowedStatesForUsers:lines listOfDisallowedUsersForStates:lines Together, these three properties restrict events with certain review states according to the username of the specific User visiting the calendar. List the review states you want to restrict in the listOfDisallowedStatesForUsers property. List the usernames that should be kept away from these folder paths in the listOfDisallowedUsersForStates property. #5d STATES allowable by USERS allowStatesOnlyForUsers:boolean listOfAllowedStatesOnlyForUsers:lines listOfAllowedUsersOnlyForStates:lines Together, these three properties enable you to allow events with certain review states to be shown ONLY for members with certain usernames. List the review states you want to allow in the listOfAllowedStatesOnlyForUsers property. List the usernames that should have access to these folder paths in the listOfAllowedUsersOnlyForStates property. #5e STATES restricted by GROUPS disallowStatesForGroups:boolean listOfDisallowedStatesForGroups:lines listOfDisallowedGroupsForStates:lines Together, these three properties restrict events with certain review states according to the Group memberships of the specific User visiting the calendar. List the review states you want to restrict in the listOfDisallowedStatesForGroups property. List the Group names that should be kept away from the objects with these review states in the listOfDisallowedGroupsForStates property. #5f STATES allowable by GROUPS allowStatesOnlyForGroups:boolean listOfAllowedStatesOnlyForGroups:lines listOfAllowedGroupsOnlyForStates:lines Together, these three properties enable you to allow events with certain review states to be shown ONLY for members belonging to certain Groups. List the folder paths you want to allow in the listOfAllowedStatesOnlyForGroups property. List the Group names that should have access to the objects with these review states in the listOfAllowedGroupsOnlyForStates property.