bit-badger/myWebLog
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases 11 Activity

Establish user access levels #19

New Issue
Closed
opened 2022-07-16 15:11:22 +00:00 by danieljsummers · 1 comment
danieljsummers commented 2022-07-16 15:11:22 +00:00 (Migrated from github.com)
Copy Link

Currently, the only security determination is logged on or not. Establish the following security levels; within this list, each one can also perform the tasks of those above it.

  • Establish user levels (described below)
  • Place restrictions on existing functionality according to those levels. UI elements that are not allowed should not be displayed (i.e., unless the user can delete a post, the "Delete" link should not be shown). The server must also verify this access for each request.
  • Provide a user maintenance page, where WebLogAdmins and Administrators can assign their level or below to other users of the current web log
  • When creating a web log, if this is the first one, assign the user Administrator permissions; otherwise, assign them WebLogAdmin permissions
  • Provide a CLI upgrade-user option that will take a URL base and an e-mail address, and promote that user to Administrator status

Access Levels

  • Author can create new posts / pages and edit posts / pages they authored.
  • Editor can edit posts / pages they did not author, but may not delete them.
  • WebLogAdmin can delete posts / pages, as well as manage all web log settings (the current "logged on" level)
  • Administrator will be able to manage themes (#20), and may have other installation-wide controls as they are developed.
Currently, the only security determination is logged on or not. Establish the following security levels; within this list, each one can also perform the tasks of those above it. - [x] Establish user levels (described below) - [x] Place restrictions on existing functionality according to those levels. UI elements that are not allowed should not be displayed (i.e., unless the user can delete a post, the "Delete" link should not be shown). The server must also verify this access for each request. - [x] Provide a user maintenance page, where `WebLogAdmin`s and `Administrator`s can assign their level or below to other users of the current web log - [x] When creating a web log, if this is the first one, assign the user `Administrator` permissions; otherwise, assign them `WebLogAdmin` permissions - [x] Provide a CLI `upgrade-user` option that will take a URL base and an e-mail address, and promote that user to `Administrator` status ### Access Levels - `Author` can create new posts / pages and edit posts / pages they authored. - `Editor` can edit posts / pages they did not author, but may not delete them. - `WebLogAdmin` can delete posts / pages, as well as manage all web log settings (the current "logged on" level) - `Administrator` will be able to manage themes (#20), and may have other installation-wide controls as they are developed.
danieljsummers commented 2022-07-22 02:52:51 +00:00 (Migrated from github.com)
Copy Link

Fixed in beta 5

Fixed in beta 5
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
area
podcasting
Issues related to podcasting / episodes

  
area
setup
Issues related to installation and setup

  
area
theming
Issues related to templates and theme

  
area
writing
Issues related to pages and posts

  
bug
annoyance
An issue that should be fixed, but is not a show-stopper

  
bug
footgun
Prevent preventable errors

  
bug
urgent
A show-stopping bug; fix urgently

  
duplicate
  
enhancement
deprecation
Replace deprecated libraries with newer ones

  
enhancement
feature
A new feature to be added

  
help wanted

   
invalid

   
question

   
wontfix
No Label
area
podcasting
area
setup
area
theming
area
writing
bug
annoyance
bug
footgun
bug
urgent
duplicate
enhancement
deprecation
enhancement
feature
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
v2-rc
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: bit-badger/myWebLog#19
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?