This access permission level is checked in the prologue and is assigned in the service file .access.php containing a PHP array in the following format:
$PERM[file/folder][user group ID] = "access permission ID";In this line:
If the Site
Explorer module is installed, you can assign permissions manually in the
administrative section (menu
If a user is a member of more than one group, the maximum permission among those groups is taken.
If a current file or folder is not assigned the access permission explicitly, the access permission of a parent folder is taken.
<? $PERM["index.php"]["2"] = "R"; $PERM["index.php"]["3"] = "D"; ?>
Upon attempt to open the page
/dir/index.php, a user who is the
member of the group ID=3 will have a permission D (deny), while a
user from the group ID=2 will have a permission R (read). User who
is the member of the both groups will have the maximum possible access
permission R (read).
<? $PERM["admin"]["*"] = "D"; $PERM["admin"]["1"] = "R"; $PERM["/"]["*"] = "R"; $PERM["/"]["1"] = "W"; ?>
<? $PERM["index.php"]["3"] = "R"; ?>
Upon attempt to open the page /admin/index.php, a user who is the member of the group ID=3 may be granted access, while a user from the group ID=2 cannot gain access. All users may access the page /index.php.
To common static public pages, the access level 1 may be only applied (see above).
If a user has a minimum permission R (read) to a file, and if the file is a functional part of a module, permissions of the access level 2 are checked. These permissions are assigned in settings of the corresponding module.
When opening the Tickets techsupport page, the administrator views all tickets, while a techsupport member can view only those tickets for which he is in charge, and a common user can view his personal tickets only. This is the way the access permission functions within the Techsupport module logic.
Currently, two approaches are used with permissions of the access level 2:
The main distinction between these methods is as follows: if a user has more that one permissions, the maximum permission is selected; while if a user has more than one role, he is assumed to have a total scope of roles.
|© 2001-2005 Bitrix||Bitrix Site Manager - Content Management & Portal Solutions|