[Hidden-tech] Best CMS for custom user permissions

B. Kimo Lee bklee at azurelink.com
Fri Nov 13 14:55:31 EST 2015
Previous message: [Hidden-tech] Best CMS for custom user permissions
Next message: [Hidden-tech] Best CMS for custom user permissions
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Greg,

Can't speak to how to handle this in WP. But I can say Joomla 3.x does have a built-in ACL (access control levels) system which is very powerful.

It's basic components are:
• Users & Groups
• Access Levels
• Access Levels & Groups
• Assignable Menu items

You'd have to chart it out to organize it and keep the access and permissions straight, and your outline (quoted below) is a great start.

As you're aware, the basic idea is to be able to control what users Can See, and what they Can Do.

Since Joomla is basically menu driven, i.e., create your article/blog post/component and then create a menu item linking to it, you would be able to setup a wide variety of access controls by assigning access rights — previously determined in your Users/Groups/Levels — via your menu items. 

There is also a permissions system which controls what specific groups are allowed or restricted from doing.

Specific Actions which can be controlled are:

• Site Login
• Admin Login
• Offline Access
• Super User
• Access Administration Interface
• Create
• Delete
• Edit
• Edit State
• Edit Own

The specific permissions which can be applied are: Inherited, Allowed, Not Allowed.

Again, this functionality exists in the default Joomla administrator area, so no coding is required out of the box. Just a well thought out schematic of the relationships and an understanding of the ACL.

I'm not going to get into a tutorial, but you can learn about the ACL here:
https://docs.joomla.org/J3.x:Access_Control_List_Tutorial

As always, if you are looking to hire an outside consultant, please let me know.

Hope this is helpful.

Best regards,
Kimo Lee


AZURELINK  ::  "Simply Connected!"
-------------------------------------------------------------------------------
Web Site Design & Scalable, Managed Web Hosting
Joomla! Content Management System Implementation
eCommerce Development
-------------------------------------------------------------------------------
PO Box 230
80 South Street, Suite 10
Milford, NH 03055
(603) 769-4224
For more information, please visit: www.azurelink.com
Follow Azurelink on Twitter: http://twitter.com/azurelink
-------------------------------------------------------------------------------


On Nov 12, 2015, at 7:03 PM, Greg Perham wrote:

> 
> 
> 
> WordPress vs. Drupal vs. other question for you all:
> 
> I'd like to know, in a general sort of way, how you would go about configuring your CMS of choice for this scenario. Is the CMS built in a way that easily facilitates this? What are the broad-stroke steps you would perform to set it up?
> 
> Guests (visitors not logged in):
> - cannot read Staff Blog
> - cannot read Staff Calendar events
> - can read public Community Calendar events
> - cannot read private Community Calendar events
> 
> Community:
> - cannot read Staff Blog
> - cannot read Staff Calendar events
> - can read public Community Calendar events
> - can read private Community Calendar events
> 
> Staff:
> - can read Staff Blog
> - cannot create Staff Blog posts
> - can create Staff Calendar events
> - can read all Community events
> - can create Community events
> 
> Staff Contributor:
> - can read everything
> - can create Staff Blog posts and all event types
> - cannot edit Pages, etc
> 
> - Staff Blog not included in any RSS feeds or sitemap
> - private Community events not included in any RSS feeds or sitemap
> 
> WordPress does have User Roles and a permissions system. The most straight forward solution would be to create custom Roles and permissions and then hide posts/events from being displayed, but that doesn't block them from feeds and can lead to situations where you're expecting 10 blog posts on a page and only get 8 because 2 of those queried were skipped from display; it doesn't work on a category-wide level, and certainly doesn't have any affect on creating posts. I think you'd have to do some intricate work with `pre_get_posts` and (forthcoming) taxonomy meta to truly block posts everywhere, and create a front-end content creation interface to have the best control over that aspect. In all, quite clunky and labor-intensive.
> 
> I wrote a plugin that will do a much simplified version of this for WP's built-in post categories using `current_user_can('read_private_posts')`, but it falls far short of the requirements above.
> 
> So, do other CMSes have an integrated system for this sort of thing, where you can control content visibility/editability/creation by content type and taxonomy? I've been told one of the major selling points of Drupal is the permissions system. Am I overlooking a scheme for an elegant solution in WP?
> 
> And…go! :)
> 
> Regards,
> Greg
> 
> 
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
> 
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members   
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20151113/496c4554/attachment-0001.html
Previous message: [Hidden-tech] Best CMS for custom user permissions
Next message: [Hidden-tech] Best CMS for custom user permissions
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Hidden-discuss mailing list