Loading...
 
Features / Usability

Features / Usability


Managing permissions with categories for large amount of groups

posts: 4

I am currently using the rc1 of version 3.0.

I want to set up a site for a school and would like to achieve the following:

  • parents of each class/year have their private forum and file gallery
  • other groups like kitchen, management etc. will also have their own private elements.


What I tried to do is:
For each group of the school I set up two tikiwiki groups:

  1. For the ordinary members, e.g. class1-parents. They should be able to use forum, galleries etc.
  2. For the administrators of that group, e.g. class1-parents-admins. They should be able to administrate the forum, galleries etc. of that school group (but not others).


What I wanted to avoid is to assing individual permissions to each forum, gallery etc. for the groups:So I tried the following:

  1. Assinged global permissions to the groups. E.g. class1-parents may use the forum and class1-parents-admins may admin the forum.
  2. Set up categories like class1-parents and categorised forums, galleries etc. accordingly.
  3. Assigned permission to categories for the groups, e.g. for category class1-parents I assigned groups class1-parents and class1-parents-admins.


This works quite fine. Once I have set up the permissions for a group, I do not have care on permission when adding objects. I put them into the right category and done. However one problem I have got:

  • As the class1-parents-admins group has/needs admin permissions (e.g. forum administration) in the global permissions, they are allowed to create new forums - an perhaps more than I want. I did not find a way to limit this via categories.


The only solution I found for this is to assgin individual rights for each group to each object. Which is very hard to maintain.

Is there a more practical solution than the above?

What would find very convenient would be something like

  1. "associated permission"
    • To associate a set of permissions (not only the category ones) when assigning a group to a category.
    • This set of "associated permissions" could be dervied from a "template"/"dummy" group.
    • The effective permissions derived by category would be the union of the associated rights and the global rights of the assigned group.

  1. "category context" flag for global permission
    • add a flag to global permission indicates "only in the context of a category"


From my limited point of view I would prefer the "associated permission". In my use case I would

  • define two dummy/template groups "members" and "group-admins" and assign them the permissions I find appropriate.
  • All real groups would be set up with no permissions.
  • When assinging the real group class1-parents to category class1-parents I would use the associated group "members".
  • When assigning the real group class1-parents-admins to category class1-parents I would use the associated group "group-admins"

In this case manage the actual permission only throug the two dummy groups.


posts: 1817 Catalan Countries

and if in a hurry: Mod AulaWiki (which provides workspaces feature for Tiki 1.9.x and 2.x; not fully compliant with Tiki 3 yet)

and please, join edu.tw.o smile


Upcoming Events

1)  18 Apr 2024 14:00 GMT-0000
Tiki Roundtable Meeting
2)  16 May 2024 14:00 GMT-0000
Tiki Roundtable Meeting
3)  20 Jun 2024 14:00 GMT-0000
Tiki Roundtable Meeting
4)  18 Jul 2024 14:00 GMT-0000
Tiki Roundtable Meeting
5)  15 Aug 2024 14:00 GMT-0000
Tiki Roundtable Meeting
6)  19 Sep 2024 14:00 GMT-0000
Tiki Roundtable Meeting
7) 
Tiki birthday
8)  17 Oct 2024 14:00 GMT-0000
Tiki Roundtable Meeting
9)  21 Nov 2024 14:00 GMT-0000
Tiki Roundtable Meeting
10)  19 Dec 2024 14:00 GMT-0000
Tiki Roundtable Meeting