OnTopicCMS/OnTopic-Editor-AspNetCore

User Roles

Opened this issue · 0 comments

JeremyCaney commented

Establish a pre-determined set of User Roles which will automatically be added to the proposed User Profile capability.

Roles

Out-of-the-box, the following User Roles will be supported:

  • Viewer (Default): Can view, but not edit, topics.
  • Editor: Can edit any topic or attribute, assuming the Content Type, Attribute Type, and Topic aren't marked as Admin Only.
  • Admin: Can edit any topic or attribute, even if it's marked as Admin Only.

Implementation

  • UserRoles: A LookupList Content Type available in Configuration:Roles
  • UserRole: A LookupListItem Content Type configured for use in the UserRoles, possibly including checkbox for different configurable permissions
  • UserRole: An AttributeDescriptor providing a LookupList of UserRole topics, which will be applied to the base Topic Content Type
  • Warning: A warning alert should be displayed at the top of topics that are only available to administrators.
  • Read Only: Attributes that are marked for the "Admin" UserRole—or that are part of a Topic or Content Type marked as such—should be marked as disabled in the editor to non-admins.

Note: As a Topic, the UserRole Attribute Descriptor will itself have a UserRole defined. This should be set to the "Admin" UserRole, thus making this setting exclusively visible to admins.

Open Issues

  • Visibility: Should Topics, Content Types, and Attribute Descriptors marked as "Admin" even be visible to non-admins? Should this be an option per implementation? Or just a global setting for each UserRole content type?
  • Custom Roles? Should admins be able to create custom roles to assign to users? If so, we would need to expose attributes to the UserRole Content Type that enable permissions. In this case, the interface would use the permissions to determine access, not the name of the role.

Permissions

If permissions are custom per UserRole Content Type, these may be:

  • View Topics (default)
  • Edit Topics
  • View Administrative Access
  • Edit Administrative Settings
  • Hidden Attribute Groups (A delimited list of tab names, defaulting to "Advanced"?)