| Re: Permissions by rank and group [message #166306 is a reply to message #166301] |
Mon, 07 November 2011 02:08  |
 |
ShineOn
Messages: 53
Registered: July 2011
Karma:
|
Member |
|
|
So, what do you think would be better - the more-granular security model I suggested first, or just adding an auto-membership feature to the rank subsystem so that reaching a rank will automatically make your user member of a group?
Please ignore the idea about extending this to categories - they're not a "security principal" in FUD, just a high-level grouping of forums, and their role should not be changed to make them security principals. I assume the visibility of a category depends on whether the user that's logged in can see any of the forums in the category, not only whether or not the category has any forums in it, correct?
Question about visibility / inheritance: When you create subforums, will they inherit the groups and permissions of the parent forum, including visibility? Can subfora be visible for a group/user if its parent is not? This will be important when we (maybe I...) get down to coding whichever method is decided for adding rank to the security model. The rank-based visibility must follow certain rules to make sense, in my opinion. A sample of those rules: A child forum of a parent forum that is marked "not visible" for anyone not in a particular group should automatically inherit the same level of invisibility. Only child-forum security features unrelated to visibility should be permitted to override the inherited rights set on the parent. Visibility is the exception to that rule - non-visibility-related permissions should be settable at the child forum level, overriding the permissions inherited from the parent. However, a child should not be able to be made visible if the parent is not, yet the child should not be forced to be set to visible if the parent is visible. If visibility can be set automatically by earning a rank, that shouldn't override the visibility set on the parent, and setting the parent to visible through earning a rank should not override the visibility setting on the child forum.
Restated -
> all permissions, if inherited by child forums, should be able to be set differently from the default inherited permissions.
> If the parent is not visible, the child should not be able to be set visible.
> If the parent is visible, the child should be able to be set not visible
> If the parent is not visible but changed to visible, the child should become visible unless "explicitly set" to not-visible at the child level
> If the parent is visible and is changed to not visible, the child should become not visible even if "explicitly set" to visible.
If all this is already in-place, then all that has to be of concern is how to set the visibility (and other permissions) based on rank, and how to effect the change in all forums based on earning a rank. I assume the latter would be by dynamically interpreting group membershjp at access time.
Should refresh and application of newly-earned rank-based permissions be automatic or should the expectation be that in order to have your new rank mean something you have to log out of FUDforum and log back in?
[Updated on: Mon, 07 November 2011 02:11] Report message to a moderator |
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]