Difference between revisions of "Geeklog Permissions"
(quick introduction into read/write access) |
|||
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | The best way to learn about Geeklog permissions is to try things out and | + | The Geeklog permissions are (loosely) based on the concept borrowed from UNIX file systems: Geeklog objects (e.g. stories) have "read" and "write" access permissions. Those can further be restricted by groups and their owner. |
− | see what happens. | + | |
+ | For a typical Geeklog object, you can set: | ||
+ | * read and write access for the '''owner''' (e.g. the story's original author) | ||
+ | * read and write access for the '''group''' (e.g. Story Admin group), i.e. all the users in this group | ||
+ | * read access only for '''logged-in users''' | ||
+ | * read access only for '''anonymous users''' | ||
+ | |||
+ | By removing the read access for anonymous users, you can then hide an object from any visitors that are not logged in. | ||
+ | |||
+ | :"The best way to learn about Geeklog permissions is to try things out and see what happens." | ||
+ | |||
== Interactions of Article and Topic Permissions == | == Interactions of Article and Topic Permissions == | ||
Line 6: | Line 16: | ||
If you want a user to be able to edit an article that they are the owner | If you want a user to be able to edit an article that they are the owner | ||
of they need both READ and EDIT permissions for both the article and the | of they need both READ and EDIT permissions for both the article and the | ||
− | topic to which that article belongs. | + | [[Topics|topic]] to which that article belongs. |
The thinking behind this is that you should not be able to edit an | The thinking behind this is that you should not be able to edit an | ||
Line 17: | Line 27: | ||
over riding reason to do so. | over riding reason to do so. | ||
− | This is not a security hole because you need read/edit for | + | This is not a security hole because you need read/edit for ''both'' the |
article you want to edit and the topic that it is in. Again, it just | article you want to edit and the topic that it is in. Again, it just | ||
allows the Geeklog admin a much finer level of control. | allows the Geeklog admin a much finer level of control. | ||
+ | |||
+ | '''Note:''' The default permissions can be changed in the Configuration admin control panel: Configuration > Geeklog > Miscellaneous. Scroll down to "Story Default Permission" and "Topic Default Permission". | ||
+ | |||
+ | Also see the Geeklog FAQ: [http://www.geeklog.net/faqman/index.php?op=view&t=23 Setting up a Story Admin] |
Latest revision as of 13:32, 27 May 2009
The Geeklog permissions are (loosely) based on the concept borrowed from UNIX file systems: Geeklog objects (e.g. stories) have "read" and "write" access permissions. Those can further be restricted by groups and their owner.
For a typical Geeklog object, you can set:
- read and write access for the owner (e.g. the story's original author)
- read and write access for the group (e.g. Story Admin group), i.e. all the users in this group
- read access only for logged-in users
- read access only for anonymous users
By removing the read access for anonymous users, you can then hide an object from any visitors that are not logged in.
- "The best way to learn about Geeklog permissions is to try things out and see what happens."
Interactions of Article and Topic Permissions
If you want a user to be able to edit an article that they are the owner of they need both READ and EDIT permissions for both the article and the topic to which that article belongs.
The thinking behind this is that you should not be able to edit an article (even if you originally wrote it and/or are the current owner) unless you have edit permissions for the topic as well. This allows a site Admin to restrict certain types of access to a given topic. Granted, this is not the simplest thing to understand and it perhaps should be rethought. However, since its been this way for several major releases now it is unlikely it will be changed unless there is an over riding reason to do so.
This is not a security hole because you need read/edit for both the article you want to edit and the topic that it is in. Again, it just allows the Geeklog admin a much finer level of control.
Note: The default permissions can be changed in the Configuration admin control panel: Configuration > Geeklog > Miscellaneous. Scroll down to "Story Default Permission" and "Topic Default Permission".
Also see the Geeklog FAQ: Setting up a Story Admin