User:Skippy/ACL Branch

From Habari Project


The ACL branch is intended to be the test bed in which a robust permissions system can be developed.

Please read the Permissions and Classes/ACL pages to get an understanding of how the permission system is intended to work.

Currently, most work on this branch has been focused on defining a reasonable set of default usergroups, and assigning sane defaults to these.

The currently defined groups are:

  • anonymous
  • member
  • author
  • editor
  • administrator

The default permissions are:

  • anonymous
    • View entries
    • View pages
  • member
    • Log in
    • View entries
    • View pages
  • author
    • Access the dashboard
    • Create entries
    • Create pages
    • Edit entries
    • Edit pages
    • Manage unapproved comments
    • Manage approved comments
    • Manage spam comments
  • editor
    • Edit all entries
    • Edit all pages
    • Manage all unapproved comments
    • Manage all approved comments
    • Manage all spam comments
  • admin
    • Change system options
    • Activate and deactivate plugins
    • Activate themes
    • Manage user accounts
    • Create new user accounts
    • Delete user accounts
    • Manage user groups
    • View system log messages
    • Manage tags

Default usergroups and permissions are assigned in the installhandler, during the installation process. The installer makes the first user a member of the "user", "author", "editor" and "administrator" groups.

The bulk of the permission checks occur in the adminhandler class, though it is far from complete. The main menu shows the user only those items for which they have permission. Some checks are also made inside the various form-processing methods in adminhandler.

Additional logic needs to be added so that the various object classes are ACL-aware, such that Posts::get() does not return items to which the user does not have permission.
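The sketch below is an added example, not code from the ACL branch. It shows the data-layer filtering described above, so that entries are withheld by the object class rather than only hidden in the menu. The group names and permission labels come from the lists on this page; the function names, the array layout, the union-of-groups rule and the reading of "Edit entries" as "own entries only" are assumptions.

```php
<?php
// Added illustration, not Habari code: labels come from this page's lists
// (subset shown); all function, constant and array names are hypothetical.
const GROUP_PERMISSIONS = [
    'anonymous'     => ['View entries', 'View pages'],
    'member'        => ['Log in', 'View entries', 'View pages'],
    'author'        => ['Access the dashboard', 'Create entries', 'Edit entries'],
    'editor'        => ['Edit all entries', 'Edit all pages'],
    'administrator' => ['Change system options', 'Manage user accounts'],
];

// Assumption: effective permissions are the union over all of a user's groups.
function can(array $user, string $permission): bool
{
    foreach ($user['groups'] as $group) {
        if (in_array($permission, GROUP_PERMISSIONS[$group] ?? [], true)) {
            return true;
        }
    }
    return false; // default deny, including for unknown groups
}

// Assumption: "Edit entries" means the user's own entries only.
function editable_entries(array $user, array $entries): array
{
    if (can($user, 'Edit all entries')) {
        return $entries;
    }
    if (!can($user, 'Edit entries')) {
        return [];
    }
    return array_values(array_filter(
        $entries,
        fn(array $entry): bool => $entry['author'] === $user['name']
    ));
}

// Constructed sample data.
$entries = [['id' => 1, 'author' => 'alice'], ['id' => 2, 'author' => 'bob']];
$users = [
    ['name' => 'alice', 'groups' => ['member', 'author']],
    ['name' => 'carol', 'groups' => ['member', 'editor']],
    ['name' => 'guest', 'groups' => ['anonymous']],
];
foreach ($users as $user) {
    $ids = implode(',', array_column(editable_entries($user, $entries), 'id'));
    printf("%-5s dashboard=%s editable=[%s]\n", $user['name'],
        can($user, 'Access the dashboard') ? 'yes' : 'no', $ids);
}
```

Under these assumptions, an account placed only in "member" and "editor" can edit every entry but has no "Access the dashboard" permission, so the default groups only work as intended when memberships are stacked.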
