No User-groups, so let's re-think

rurwinrurwin wrote on 30 Jun 2010 13:42

Multiple User-groups has been rejected.

How-about if we could give ListPages et al the permissions of a user?

So if Page A was last updated by user B, then any modules on page A access private categories as if they were user B.

That would allow moderators and admins to craft portals into private categories to expose exactly what they want exposed. A random user will see what has been exposed to him/her, but cannot browse the private category.

With a judicious application of [[includes]] and ListUsers, this would give us most, if not all, of the advantages of multiple user-groups.

To prevent inadvertent security leaks, you would probably want to configure this "sticky permissions" behaviour on a category-by-category basis, (so page A only takes the permissions of user B if page A is in a "sticky permissions" category,) or even a page-by-page basis.


Start a new sub-thread

Comments: 0

Add a New Comment
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License