Limitation reference¶
Blocking limitation¶
A generic limitation type to use when no other limitation has been implemented.
Without any limitation assigned, a LimitationNotFoundException
is thrown.
It's called "blocking" because it always informs the permissions system that the user doesn't have access to any policy the limitation is assigned to, making the permissions system move on to the next policy.
Possible values¶
Value | UI value | Description |
---|---|---|
<mixed> |
<mixed> |
This is a generic limitation which doesn't validate the values provided to it. Make sure that you validate the values passed to this limitation in your own logic. |
Configuration¶
As this is a generic limitation, you can configure your custom limitations to use it. Out of the box FunctionList uses it in the following way:
1 2 3 4 5 6 7 |
|
ActivityLogOwner limitation¶
The ActivityLogOwner
limitation specifies if a user can see only their own recent activity log entries, and not entries from other users.
Value | UI value | Description |
---|---|---|
1 |
"Only own logs" | Current user can only access their own activity log entries. |
CartOwner limitation¶
The CartOwner
limitation specifies whether the user can modify a cart.
Possible values¶
Value | UI value | Description |
---|---|---|
"self" | "self" | Only the user who is the owner of the cart gets access. |
null |
none | User can access all carts. |
Change Owner limitation¶
The Change Owner (ChangeOwner
) limitation specifies whether the user can change the owner of a content item.
Possible values¶
Value | UI value | Description |
---|---|---|
1 |
"Forbid" | The user cannot change owner of a content item |
Content type Group limitation¶
The Content Type Group (UserGroup
) limitation specifies that only users with at least one common direct user group with the owner of content get the selected access right.
Possible values¶
Value | UI value | Description |
---|---|---|
1 |
"self" | Only a user who has at least one common direct user group with the owner gets access |
Content type Group of Parent limitation¶
The Content Type Group of Parent (ParentUserGroupLimitation
) limitation specifies that only Users with at least one common direct user group with the owner of the parent location of a content item get a certain access right, used by content/create
permission.
Possible values¶
Value | UI value | Description |
---|---|---|
1 |
"self" | Only a user who has at least one common direct user group with owner of the parent location gets access |
Content type limitation¶
The Content Type (ContentType
) limitation specifies whether the user has access to content with a specific content type.
Possible values¶
Value | UI value | Description |
---|---|---|
<ContentType_id> |
<ContentType_name> |
All valid content type IDs can be set as value(s) |
Content type of Parent limitation¶
The Content Type of Parent (ParentContentType
) limitation specifies whether the user has access to content whose parent location contains a specific content type, used by content/create
.
This limitation combined with ContentType
limitation allows you to define business rules like allowing users to create "Blog Post" within a "Blog."
If you also combine it with Owner of Parent
limitation, you effectively limit access to create Blog Posts in the users' own Blogs.
Possible values¶
Value | UI value | Description |
---|---|---|
<ContentType_id> |
<ContentType_name> |
All valid content type IDs can be set as value(s) |
Field Group limitation ¶
A Field Group (FieldGroup
) limitation specifies whether the user can work with content fields belonging to a specific group.
A user with this limitation is allowed to edit fields belonging to the indicated group.
Otherwise, the fields are inactive and filled with the default value (if set).
Possible values¶
Value | UI value | Description |
---|---|---|
<FieldGroup_identifier> |
<FieldGroup_identifier> |
All valid field group identifiers can be set as value(s) |
Language limitation¶
A Language (Language
) limitation specifies whether the user has access to work on the specified translation.
A user with this limitation is allowed to:
- Create new content with the given translation(s) only. This only applies to creating the first version of a content item.
- Edit content by adding a new translation or modifying an existing translation.
- Publish content only when it results in adding or modifying an allowed translation.
- Delete content only when it contains a translation into the specified language.
Possible values¶
Value | UI value | Description |
---|---|---|
<Language_code> |
<LanguageCode_name> |
All valid language codes can be set as value(s) |
Location limitation¶
A location (Location
) limitation specifies whether the user has access to content with a specific location, in case of content/create
the parent location is evaluated.
Possible values¶
Value | UI value | Description |
---|---|---|
<Location_id> |
<Location_name> |
All valid location IDs can be set as value(s) |
New Section limitation¶
A New Section (NewSection
) limitation specifies whether the user has access to assigning content to a given section.
In the section/assign
policy you can combine this with section limitation to limit both from and to values.
Possible values¶
Value | UI value | Description |
---|---|---|
<Session_id> |
<Session_name> |
All valid session IDs can be set as value(s) |
New State limitation¶
A New State (NewObjectState
) limitation specifies whether the user has access to (assigning) a given object state to content.
In the state/assign
policy you can combine this with State limitation to limit both from and to values.
Possible values¶
Value | UI value | Description |
---|---|---|
<State_id> |
<State_name> |
All valid state IDs can be set as value(s) |
Object State limitation¶
The Object State (ObjectState
) limitation specifies whether the user has access to content with a specific object state.
Possible values¶
Value | UI value | Description |
---|---|---|
<ObjectState_id> |
<ObjectState_name> |
All valid Object state IDs can be set as value(s) |
Order Owner limitation¶
The Order Owner (OrderOwner
) limitation specifies whether the user can modify an order.
Possible values¶
Value | UI value | Description |
---|---|---|
"self" | "self" | Users can access only their own orders. |
Owner limitation¶
The Owner (Owner
) limitation specifies that only the owner of the content item gets the selected access right.
Possible values¶
Value | UI value | Description |
---|---|---|
1 |
"self" | Only the user who is the owner gets access |
2 |
"session" | Deprecated and works exactly like "self" in public PHP API since it has no knowledge of user Sessions |
Owner of Parent limitation¶
The Owner of Parent (ParentOwner
) limitation specifies that only the users who own all parent locations of a content item get a certain access right, used for content/create
permission.
Possible values¶
Value | UI value | Description |
---|---|---|
1 |
"self" | Only the user who is the owner of all parent locations gets access |
2 |
"session" | Deprecated and works exactly like "self" in public PHP API since it has no knowledge of user Sessions |
Parent Depth limitation¶
The Parent Depth (ParentDepth
) limitation specifies whether the user has access to creating content under a parent location within a specific depth of the tree, used for content/create
permission.
Possible values¶
Value | UI value | Description |
---|---|---|
<int> |
<int> |
All valid integers can be set as value(s) |
PaymentOwner limitation¶
The Payment Owner (PaymentOwner
) limitation specifies whether the user can modify a payment.
Possible values¶
Value | UI value | Description |
---|---|---|
"self" | "self" | Users can access only their own payments. |
"all" | none | Users can access all payments. |
Personalization access limitation¶
The Personalization limitation specifies the SiteAccesses for which the user can view or modify the scenario configuration.
Product Type limitation¶
The Product Type (ProductType
) limitation specifies whether the user has access to products belonging to a specific product type.
Possible values¶
Value | UI value | Description |
---|---|---|
<ContentType_id> |
<ContentType_name> |
All valid content type IDs can be set as value(s) |
Section limitation¶
The Section (Section
) limitation specifies whether the user has access to content within a specific section.
This limitation can be used as a role limitation.
Possible values¶
Value | UI value | Description |
---|---|---|
<Session_id> |
<Session_name> |
All valid session IDs can be set as value(s) |
Segment group limitation ¶
The segment group (SegmentGroup
) limitation specifies whether the user has access segments within a specific segment group.
This limitation can be used as a role limitation.
Possible values¶
Value | UI value | Description |
---|---|---|
<Segment_group_id> |
<Segment_group_name> |
All valid segment group IDs can be set as value(s). |
SiteAccess limitation¶
The SiteAccess (SiteAccess
) limitation specifies to which SiteAccesses a certain permission applies, used by user/login
.
Possible values¶
Value | UI value | Description |
---|---|---|
<siteaccess_hash> |
<siteaccess_name> |
Hash is calculated in the following way in legacy in default 64bit mode: sprintf( '%u', crc32( $siteAccessName ) ) |
Legacy compatibility notes¶
SiteAccess
limitationĀ is deprecated and isn't used actively in public PHP API, but is allowed for being able to read / create limitations for legacy.
Shipment Owner limitation¶
The Shipment Owner (ShipmentOwner
) limitation specifies whether the user can modify a shipment.
Possible values¶
Value | UI value | Description |
---|---|---|
"self" | "self" | Users can access only their own shipments. |
Subtree limitation¶
The subtree (Subtree
) limitation specifies whether the user has access to content within a specific subtree of location, in case of content/create
the parent subtree of locationĀ is evaluated.
This limitation can be used as a role limitation.
Possible values¶
Value | UI value | Description |
---|---|---|
<Location_pathString> |
<Location_name> |
All valid location pathStrings can be set as value(s) |
Usage notes¶
For more information on how to restrict user's access to part of the subtree, see the example in the Admin management section.
Version Lock limitation¶
The Version Lock (VersionLock
) limitation specifies whether the user can perform actions, for example, edit or unlock, on content items that are in a workflow.
This limitation can be used as a role limitation.
Possible values¶
Value | UI value | Description |
---|---|---|
userId |
"Assigned only" | Users can perform actions only on content items that are assigned to them or not assigned to anybody. |
null |
none | Users can perform actions on all drafts, regardless of the assignments or whether drafts are locked or not. |
Workflow Stage limitation¶
The Workflow Stage (WorkflowStage
) limitation specifies whether the user can edit content in a specific workflow stage.
Possible values¶
The limitation takes as values stages configured for the workflow.
Workflow Transition limitation¶
The Workflow Transition (WorkflowTransition
) limitation specifies whether the user can move the content in a workflow through a specific transition.
Possible values¶
The limitation takes as values transitions between stages configured for the workflow.