A lot of PNs are hardly taking advantage of the permission system because it is very hard to administer even for pros sometimes. Recently on a seminar I saw the permission-system of a CMS (100 000$+ per License) and I want to share some of the solutions they had. Since I am not a programmer, the only thing I can contribute to PN is Ideas...
The CMS was using a Role-Model system. So there were differnet Roles (Access-Rights) that were assigned to groups or users. For PN there would be the following RM:
- Reader: Can read and post comments
- Editor: Can Post items
- Publisher: Can Post items and publish them or publish items posted by other, but e.g. not delete items once published
- Administrator: Godlike
This would reduce the amount of Roles to four. If someone wanted different models, it can be done in the Database itself (for someone that can deal with own permissions can shurely handle phpmyadmin...).
The function of users and groups was similar. You have users, you have groups, that´s about it. This could be done a little more comfortable in PN, but works fine right now.
Next step was, that every object was defined the permissions (objects = Modules?). So we had a setting like:
Object - Group/User - Role
News - Reg. users - editor
News - unreg users - reader
News - Marketingteam - Publisher
News - Admins - Administrator
News - User XY - Publisher
This should be set in the News administration and should be handled mostly via dropdown menues. These could also include subobjects like:
Everything not assigned was inherited. Also the position within the setting (above / below) was not relevant. I guess when having conflicting rights, we would use the more restrictive.
This could be a big step forward with PN, what do you think? Is this a lot of work, or could we see it in let´s say 0,73???
To state this clear: PN is absolutely awsome already, so please read this as suggestion, not as complaint.