
Adding custom security policy...

Tuesday 25 May 2010 4:45:00 pm - 7 replies



This tutorial will show you how to deal with custom security policy limitations for your modules. Once read, you will be able to fully take advantage of the granularity in eZ Publish's security and access control system.

Tuesday 25 May 2010 7:27:23 pm

Wonderful tutorial!

Tuesday 25 May 2010 10:34:35 pm

Great article!

But I didn't get the eZJSCore example, the whole point of hasAccessToLimitation() is to not have to deal with limitations yourself. Without limitations you can just as well use "$user->hasAccessTo( $module, $function )" and "fetch( 'user', 'has_access_to', ... )".

phpdoc (1.1 and up):

    /**
     * Check access to a specific module/function with limitation values.
     * See eZ Publish documentation on more info on module, function and
     * limitation values. Example: a user can have content/read permissions
     * but it can be limited to a specific limitation like a section, a node
     * or node tree. 1.x limitation: returns false if one of provided values
     * don't match but ignores limitations not specified in $limitations.
     *
     * @param string $module
     * @param string $function
     * @param array|null $limitations A hash of limitation keys and values
     * @param bool $debug Lets you get some additional debug information if set to true, useful while developing.
     * @return bool
     */
    public static function hasAccessToLimitation( $module, $function, $limitations = null, $debug = false )

Friday 28 May 2010 9:23:28 am

Great tutorial!

One thing that is not universally known: you can set up a set of policies of which at least one has to be matched to give access to a view, as well as defining a set of policies all of which have to be matched:

$ViewList = array(
    'at_least_one' => array(
        'functions' => array( 'func1 or func2' ) ),
    'both' => array(
        'functions' => array( 'func1', 'func2' ) ) );
$FunctionList = array(
    'func1' => array(),
    'func2' => array() );

Modified on Friday 28 May 2010 9:24:19 am by Gaetano Giunta
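
The matching rule described in the post above, as an added example that is not part of the original thread and is not eZ Publish kernel code. The helper `viewAllowed()`, the `$granted` input and the fail-closed handling of views without a `functions` list are assumptions of this model.

```php
<?php
// Simplified model of the view/function matching described in the post.
// NOT eZ Publish code: viewAllowed() and $granted are hypothetical.

// Same shape as the $ViewList in the post.
$ViewList = array(
    'at_least_one' => array( 'functions' => array( 'func1 or func2' ) ),
    'both'         => array( 'functions' => array( 'func1', 'func2' ) ),
);

/**
 * Decide whether a view may be accessed.
 *
 * @param array  $viewList View definitions, shaped as in module.php
 * @param string $view     View name
 * @param array  $granted  Function names the user's policies grant (assumed input)
 * @return bool
 */
function viewAllowed( array $viewList, $view, array $granted )
{
    // Assumption of this model: an unknown view, or one with a missing or
    // empty 'functions' list, is denied (fail closed).
    if ( empty( $viewList[$view]['functions'] ) )
    {
        return false;
    }
    // Every entry in 'functions' must be satisfied (AND across entries).
    foreach ( $viewList[$view]['functions'] as $entry )
    {
        // Inside one entry, ' or ' separates acceptable alternatives.
        $alternatives = array_map( 'trim', explode( ' or ', $entry ) );
        if ( count( array_intersect( $alternatives, $granted ) ) === 0 )
        {
            return false;
        }
    }
    return true;
}

// Constructed users, each granted a different set of functions.
$users = array( 'none' => array(), 'only1' => array( 'func1' ),
                'both' => array( 'func1', 'func2' ) );
foreach ( $users as $name => $granted )
{
    foreach ( array_keys( $ViewList ) as $view )
    {
        printf( "%-5s %-12s %s\n", $name, $view,
            viewAllowed( $ViewList, $view, $granted ) ? 'allow' : 'deny' );
    }
}
```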

Wednesday 24 November 2010 11:57:03 am

Very valuable tut.

But is there a way to implement access control for a whole module without having to insert hasAccessTo in every view?

Thanx in advance

Wednesday 24 November 2010 2:22:57 pm

If you want to implement the finest granularity of the access control, I guess not. You really need to check the limitations access in every view.

Wednesday 24 November 2010 3:00:47 pm

Ok great Jérôme thanx a lot.

Monday 17 September 2012 3:17:40 pm

The reply has been removed because of violation of forum rules.

