Definition of restrictions per site

[jentscke]

We have the following case: A pool of objects is used by a regular website. Every (anonymous) visitor is allowed to view all of them.
In addition to the regular website, there is another site which is secured by login. Each user is owner of a part of those objects and should only be able to see those objects.

Currently we are not able to restrict the view in the login site because it would also take effect to the regular website.

We see two possible options to solve this:

1. Create the restriction fieldset for each Pimcore site
2. Define a default group object for anonymous users (for each Pimcore site)

What's your opinion?

Best

[jentscke]

@solverat may I ask you for a quick response?

[solverat]

@jentscke Sorry for my late response. Not sure if I'm getting this right: Visitors on "Site 2" have restricted access to objects, which are fully accessible on "Site 1"?

Maybe we need to set this up:

Given:
- Object 1
- Object 2
- Object 3

- Site 1:
  - Every User has acces to Object 1 - Object 3

- Site 2:
  - User 1: Access to Object 1
  - User 2: Access to Object 2

[jentscke]

@solverat exactly.

To explain option 1: Use the current fields (Groups, inherit) as default permissions for all sites. Add this set of fields (optionally) for each site in pimcore in addition to be able to overwrite the default parameters.

While checking restriction we need to add some site parameter to pass the current site id. If nothing is configured, use defaults.

With the given example I would set the default to be open for every user to read.
On Object 1 / Object 2 add an additional fieldset (groups, inherit) for Site 2 and configure it. If inherit is enabled by some parent, the child elements should add the specific site configuration as well.