Establish user access levels #19

Closed
opened 2022-07-16 15:11:22 +00:00 by danieljsummers · 1 comment
danieljsummers commented 2022-07-16 15:11:22 +00:00 (Migrated from github.com)

Currently, the only security determination is logged on or not. Establish the following security levels; within this list, each one can also perform the tasks of those above it.

  • Establish user levels (described below)
  • Place restrictions on existing functionality according to those levels. UI elements that are not allowed should not be displayed (i.e., unless the user can delete a post, the "Delete" link should not be shown). The server must also verify this access for each request.
  • Provide a user maintenance page, where WebLogAdmins and Administrators can assign their level or below to other users of the current web log
  • When creating a web log, if this is the first one, assign the user Administrator permissions; otherwise, assign them WebLogAdmin permissions
  • Provide a CLI upgrade-user option that will take a URL base and an e-mail address, and promote that user to Administrator status

Access Levels

  • Author can create new posts / pages and edit posts / pages they authored.
  • Editor can edit posts / pages they did not author, but may not delete them.
  • WebLogAdmin can delete posts / pages, as well as manage all web log settings (the current "logged on" level)
  • Administrator will be able to manage themes (#20), and may have other installation-wide controls as they are developed.
Currently, the only security determination is logged on or not. Establish the following security levels; within this list, each one can also perform the tasks of those above it. - [x] Establish user levels (described below) - [x] Place restrictions on existing functionality according to those levels. UI elements that are not allowed should not be displayed (i.e., unless the user can delete a post, the "Delete" link should not be shown). The server must also verify this access for each request. - [x] Provide a user maintenance page, where `WebLogAdmin`s and `Administrator`s can assign their level or below to other users of the current web log - [x] When creating a web log, if this is the first one, assign the user `Administrator` permissions; otherwise, assign them `WebLogAdmin` permissions - [x] Provide a CLI `upgrade-user` option that will take a URL base and an e-mail address, and promote that user to `Administrator` status ### Access Levels - `Author` can create new posts / pages and edit posts / pages they authored. - `Editor` can edit posts / pages they did not author, but may not delete them. - `WebLogAdmin` can delete posts / pages, as well as manage all web log settings (the current "logged on" level) - `Administrator` will be able to manage themes (#20), and may have other installation-wide controls as they are developed.
danieljsummers commented 2022-07-22 02:52:51 +00:00 (Migrated from github.com)

Fixed in beta 5

Fixed in beta 5
Sign in to join this conversation.
No description provided.