bit-badger/myWebLog
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 11 Activity

Establish user access levels #19

New Issue
Closed
opened 2022-07-16 15:11:22 +00:00 by danieljsummers · 1 comment
danieljsummers commented 2022-07-16 15:11:22 +00:00 (Migrated from github.com)
Copy Link

Currently, the only security determination is logged on or not. Establish the following security levels; within this list, each one can also perform the tasks of those above it.

  • Establish user levels (described below)
  • Place restrictions on existing functionality according to those levels. UI elements that are not allowed should not be displayed (i.e., unless the user can delete a post, the "Delete" link should not be shown). The server must also verify this access for each request.
  • Provide a user maintenance page, where WebLogAdmins and Administrators can assign their level or below to other users of the current web log
  • When creating a web log, if this is the first one, assign the user Administrator permissions; otherwise, assign them WebLogAdmin permissions
  • Provide a CLI upgrade-user option that will take a URL base and an e-mail address, and promote that user to Administrator status

Access Levels

  • Author can create new posts / pages and edit posts / pages they authored.
  • Editor can edit posts / pages they did not author, but may not delete them.
  • WebLogAdmin can delete posts / pages, as well as manage all web log settings (the current "logged on" level)
  • Administrator will be able to manage themes (#20), and may have other installation-wide controls as they are developed.
Currently, the only security determination is logged on or not. Establish the following security levels; within this list, each one can also perform the tasks of those above it. - [x] Establish user levels (described below) - [x] Place restrictions on existing functionality according to those levels. UI elements that are not allowed should not be displayed (i.e., unless the user can delete a post, the "Delete" link should not be shown). The server must also verify this access for each request. - [x] Provide a user maintenance page, where `WebLogAdmin`s and `Administrator`s can assign their level or below to other users of the current web log - [x] When creating a web log, if this is the first one, assign the user `Administrator` permissions; otherwise, assign them `WebLogAdmin` permissions - [x] Provide a CLI `upgrade-user` option that will take a URL base and an e-mail address, and promote that user to `Administrator` status ### Access Levels - `Author` can create new posts / pages and edit posts / pages they authored. - `Editor` can edit posts / pages they did not author, but may not delete them. - `WebLogAdmin` can delete posts / pages, as well as manage all web log settings (the current "logged on" level) - `Administrator` will be able to manage themes (#20), and may have other installation-wide controls as they are developed.
danieljsummers commented 2022-07-22 02:52:51 +00:00 (Migrated from github.com)
Copy Link

Fixed in beta 5

Fixed in beta 5
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area
infrastructure
Issues related to supported frameworks and libraries
area
podcasting
Issues related to podcasting / episodes
area
setup
Issues related to installation and setup
area
theming
Issues related to templates and theme
area
writing
Issues related to pages and posts
bug
annoyance
An issue that should be fixed, but is not a show-stopper
bug
footgun
Prevent preventable errors
bug
urgent
A show-stopping bug; fix urgently
duplicate
enhancement
deprecation
Replace deprecated libraries with newer ones
enhancement
feature
A new feature to be added
help wanted
invalid
question
wontfix
No Label
Milestone
No items
No Milestone v2-rc
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: bit-badger/myWebLog#19
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?