PostNuke

New Permissions Module for PostNuke

Contributed by on Jan 27, 2004 - 01:27 AM

The first version of the BSCI Permissions module wasn't a module at all. The code was written about a year ago to work with PHP-Nuke 6.0 to control access to my production website. After about 3-4 months of using PHP-Nuke I made the switch to PostNuke. At that point in time I re-wrote the code as a PostNuke module. That version of code is currently running on my site. You can see the effects of the code by going to www.bariatricsupportcenter.com. You will not find any information about this module at that site. You can use it to view the effects of the module but I would request that you only register on the site if you are interested in the topics related to the site. The module itself can be found at http://noc.postnuke.com/projects/bscipermissions.



The current version of the module is designed to use Xanthia and pnRender. The production site is not currently using Xanthia since it hasn't been officially released yet. You can find Xanthia here. I would put up a link to my dev box where you could see this latest version, but it is on a dynamic IP address that changes every couple of hours so it is out of the question. The solution... Install it yourself and give it a try.



Access to the various modules is defined by group: Anonymous, Registered User, Admin, or any other group that you have defined in the Groups module of PostNuke (NS-Groups). If you want a certain group to have access to a module you just go to the BSCIpermissions Administration section and choose the module. Then put a check next to each group that you want to be able to access the module. It's that easy. If you want to temporarily disable access to a module on your site, just remove all the checks for each of the groups for that module. You can set the permissions on a module so that it can only be accessed by an admin. This allows you to install a module and test its functionality without giving every user access to the module until you know that it works properly.



You may be asking yourself why you would need this module. You may be saying to yourself, "PostNuke already has a permission system; it doesn't need another one." To that I would suggest that you try and configure your system to not allow anyone but registered users to access the News module on your site. How about any other third-party module that hasn't implemented the PostNuke security system? The ability to grant/deny access to a part of your site shouldn't be limited to the ability of the module designer. Do you know they wrote the module correctly? Are you sure they put the appropriate checks in place for each function? What if they didn't? Do you really want to leave that up to the developer? The BSCI Permissions module leaves the control in the hands of the Systems Administrator where it belongs.



Don't get me wrong. I like the flexibility of the current PostNuke permissions system. That is why I wrote this module to work in conjunction with it. The BSCI Permissions module isn't meant to replace the current permission system. It is meant to enhance it. It is meant to plug the holes that exist in the current system since the current system can't be used to allow/block access to all PostNuke modules. (Since all modules don't implement the PostNuke permissions system.) Even if a module correctly implements the PostNuke permission system, it is a difficult system to learn to correctly operate as a Systems Administrator. How many posts have we seen in the forums by people who can't figure it out? The BSCI Permissions system has been designed to be simple enough that even someone who is using PostNuke for the first time can figure it out in a matter of minutes.



Download the files, read the install file and then take control of your site. See for yourself if it is as easy as I say. I personally think it should be part of the Core PostNuke system. What do you think? Install the files, take it for a test drive and post your comments. What would you change? What would you add? Do you agree with me that it should be part of the Core or do you think it is better to be an add-on? Keep in mind that the module requires that you add approximately 11 lines of code to your main index.php file and your modules.php file. In order to protect ALL modules there needs to be code in the files that load the modules. This is why I think it should be part of the Core. The System Admin should be able to use the system without needing to modify their index.php and modules.php files. The overhead of not using the system is a single call to see if the BSCI Permissions module is activated or not.

Test it out. See if it isn't as easy as I say it is. Once you've used it you won't want to go back.

Chris Miller
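
The design described in the post (a group check enforced in the files that load modules, before any module code runs) can be sketched as follows. This is an added example, not part of the original post and not the BSCI Permissions or PostNuke code; the function name, the permission map, the sample requests and the choice to deny modules that have no entry are all assumptions, and it is written for current PHP (7.1 or later).

```php
<?php
// Added example: hypothetical names throughout, not BSCI Permissions or PostNuke code.

// Constructed sample data: module => groups ticked on the admin screen.
$permissions = [
    'News'       => ['Registered User', 'Admin'],
    'Downloads'  => ['Anonymous', 'Registered User', 'Admin'],
    'NewGallery' => ['Admin'], // freshly installed, admin-only while under test
    'Polls'      => [],        // every check removed: temporarily disabled
];

/**
 * Decide, in the file that loads modules, whether $module may be loaded.
 * Runs before any module code, so it does not rely on the module's own checks.
 */
function gate_allows(string $module, array $userGroups, array $permissions, bool $gateActive): bool
{
    if (!$gateActive) {
        return true; // gate module not activated: one check, nothing else changes
    }
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $module)) {
        return false; // malformed module name never reaches the lookup
    }
    // Assumption: a module with no entry is treated like one with no groups ticked.
    $allowedGroups = $permissions[$module] ?? [];
    return count(array_intersect($allowedGroups, $userGroups)) > 0;
}

// Constructed requests: [module requested, groups of the current user].
$requests = [
    ['News', ['Anonymous']],
    ['News', ['Registered User']],
    ['NewGallery', ['Registered User']],
    ['NewGallery', ['Registered User', 'Admin']],
    ['Polls', ['Admin']],
    ['Unlisted', ['Admin']],
];

foreach ($requests as [$module, $groups]) {
    $verdict = gate_allows($module, $groups, $permissions, true) ? 'load' : 'deny';
    printf("%-10s %-24s %s\n", $module, implode(',', $groups), $verdict);
}
```

In a real loader the `deny` branch would stop the request before the module file is included, so a third-party module with no permission checks of its own is still covered.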