Developer forum

Frontend or backend?

So when seeing the product edit, the editor cannot see the image?

Or seeing the product in the frontend, you see the image?

Or when you log in as a restricted user, you can still browser that folder in the backend?

Something else?

See it like this:

The folder has permissions - inside that folder is an image that belongs to that folder. Uploading, editing and deleting the image is affected by permissions.

But a product that has a reference to that image, still has it - because the reference it self does not have a permission - or an option to set one...

Hi Nicolai,

Thanks for the answer. When I log in the frontend as the restricted user, I see both the category (which I would assume it would be hidden due to permissions), and the contents (product + picture).

Does the category in the frontend have a reference to the folder in the backend that is not covering the folder permissions? Is that intended behavior?

And, is there another way I can use permissions in the backend to hide folders for different users in the frontend?

The category you see in the frontend is a product group - not an asset group. Try naming them differently - "Group test", "Asset group test" etc. so you can see what is what.

You probably also created a group in eCommerce called test - that is what you are seeing.

You cannot set permissions on product groups or products. If you need different products for different users, you need to look into assortments.

You cannot hide a product asset set on a product using permissons on that asset in the file manager...

So sorry. I took the picture from the wrong page. 

It has nothing to do with products, only with digital assets. When logging in as a restricted user to the digital assets portal, they still have access to seing the category/image.

Still the same issue.

The digital assets are the result of a query in the index - there are no permissions in the index and it cannot be filtered out. Permissions cannot be indexed and has to be calculated runtime - and that would break facets, paging etc. of the search result. So currently this is not possible to do using permissions - technical limitation.

What you can do is to add expressions to the asset query - i.e. filtering out all images in a specific folder or path - i.e. like this:

Then you create more queries using expression like above. 

Or you add a parameter and use that as part of the query:

Then on the paragraph that contains the search, you can override the parameter in settings:

Then you can duplicate the row with the actual search and use different permissions on the rows:

This way you will show different rows with different searches using different parameters based on user permissions

Hi Nicolai

Thanks for a great explanation here :-)

When you say "Technical limitation" is that from what is possibble en DW now or is it something that is not possible to solve in a future version of DW either?

It would be a great addition, as this would benefit many, as I see it. I log into Digital Assetes Portal and I see the files I have permission to see.

I get that it is possible to get arond in they way you described, but it is quite a bit more combersome and hard to maintain and scale.

Best regards,
Rune

Since the list of Assets is a result of a query that comes from the index, the list cannot react to anything that is not in the index. Permissions are different from user to user and can therefore not be in the index - same problem as with live prices and facets. A search in the index might return 1000s of assets - and we do not know and cannot calculate which of these assets the current user has access to. So returning the correct count or returning the right facets for that result is not possible.

So we could say that you search assets and shows 10 on each page. The result is 1000 assets. On the first page you do not have access to any of them so we remove them when rendering causing 0 to be rendered and saying we are on page 1 of 100. It could also be that you have access to 2 of the 10 first - then 10 would be rendered.

Complete mess - so facets, paging and total count would be off if apply permissions during rendering. (You can do this your self in the template if you desire).

The only solution is to find out who and what has access to assets at index time. Not query time.

Roger.

And even if we have individual user groups and individual folders for images, those would still be "connected" through permissions, correct?
Is there a way to set any data on the user group that can be indexed to determine what folders can be shown frontend for those users.

Might be, I'm justs rambling at this point... grasping for straws.

We will look into that.

Thanks! :-)

Best Regards,
Rune