Thread

I would like to allow one of my member groups to edit their own posts. I made the selections in my Admin Control Panel but when a member from that group signs in, they cannot access any of their posts in their control panel.

I checked “Control Panel Access” - yes, “Control Panel Area Access”- PUBLISH and EDIT. Have I missed something? I’m using a SAEF in the website but I don’t think that would interfere.

Did you give them access to the particular weblog/s in the same admin area?

Luke is correct, you also need to give them access to a particular weblog. If you clone a previous member group, it doesn’t clone the list of weblogs the other member group has access to. You need to manually assign the permissions.

Does that help?

Yes, they are assigned to/have access to a particular weblog.

What version and build are you running?  And if you log in as one of those members- can you access the publish page?  Can you access that weblog on the publish page?  Can you access the edit page- and is that weblog an option on the edit page for them?

Robin, I’m running 1.5.2. I think I see how this works now ... kind of. If I log in as one of these members on my website, I can go to a “Control Panel,” which is really their membership profile. No access to Publish, Edit or posts.

But if I log in as this same member on my Expression Engine Control Panel, I do have access to the Publish and Edit pages.

Now my questions become: can I restrict the particular member’s access to only the posts that they made and no one else’s? How much security risk am I taking by allowing a member group to have limited access to my Expression Engine Control Panel?

Thanks!

I’m a little fuzzy on how you’ve set things up on the front side of things- the standard membership ‘control panel’ on the front end won’t provide access to the publish/edit/backend bits.  Just pretty much their user info and settings.

Now- you can construct a front end interface- use the SAEF- and Solspace has a module that will allow editing of a user’s entries.  But you’ll need to sort of ‘build’ a control panel so they can access those bits- particularly if you want to allow them to edit things.  (Really isn’t that hard.)

If you want to allow them backend access- you CAN limit them to only seeing their own posts and only being able to edit their own posts- that will happen based on their member group settings.  You’ve got pretty fine grained control there.  For security- it might be a good idea to mask access to the backend control panel- which basically keeps them from seeing the system folder, yet gives them the same backend interface.

Which route to go really just depends.  If you need a highly customized post/edit interface, it’s easier to keep things limited to the frontend and use the SAEF and Solspaces mod- and build them a little interface so they can see their own posts and click to edit them- in the regular templates.  On the other hand- if the standard backend works just fine, there’s no harm in allowing them access to a masked cp.  Really just a judgment call based on your needs.

That make some sense?

Makes perfect sense to me. I think for the time being, I’ll mask the url and allow back end access. I think I see where to restrict the member to their posts only.

For the longer term fix the Solspace SAEF is probably my best bet. I like keeping things easy for members and doing all from the front end is more appealing. There are several Solspace modules I am considering and this is one of them. Didn’t realize it was capable of so much customization for my little SAEF!

Thanks, Robin.