[Hidden-tech] Best CMS for custom user permissions

[Aaron Smith]

As a former Drupal developer who has worked with WordPress, I learned that
both are fairly opinionated and neither are much fun to fight against. I
would go with whichever is closer to your needs out of the box. Drupal
comes stock with (nearly) all of the configuration you need, but the
authoring experience is not anywhere near as enjoyable as WordPress and
dealing with WYSIWYG content editors is a real pain. Conversely WordPress
has a fantastic interface, but bending it to complex business logic or
permissions logic is near the top of my list things I ever want to do again.

If permissions are your primary concern, I would start with Drupal - but if
interface and ease of use are priority, start with WordPress. Both are
capable, but in the long run the less you bend it, the easier it will be to
maintain.

I've never worked with Joomla, but in general I stick to frameworks that
have a more active community. I think it's popular locally because of
Marlboro College's focus on it, but in the greater dev community it's not
as well used.

Django or a Rails CMS will do everything you want (and more) with flying
colors, but you will be writing and, more importantly, maintaining, your
own code base.

Hope that helps!

Aaron Smith


*WordPress vs. Drupal vs. other* question for you all:

I'd like to know, in a general sort of way, how you would go about
configuring your CMS of choice for this scenario. Is the CMS built in a way
that easily facilitates this? What are the broad-stroke steps you would
perform to set it up?

Guests (visitors not logged in):
- cannot read Staff Blog
- cannot read Staff Calendar events
- can read* public* Community Calendar events
- cannot read *private* Community Calendar events

Community:
- cannot read Staff Blog
- cannot read Staff Calendar events
- can read *public* Community Calendar events
- can read *private* Community Calendar events

Staff:
- can read Staff Blog
- cannot create Staff Blog posts
- can create Staff Calendar events
- can read all Community events
- can create Community events

Staff Contributor:
- can read everything
- can create Staff Blog posts and all event types
- cannot edit Pages, etc

- Staff Blog not included in any RSS feeds or sitemap
-* private* Community events not included in any RSS feeds or sitemap

WordPress does have User Roles and a permissions system. The most straight
forward solution would be to create custom Roles and permissions and then
hide posts/events from being displayed, but that doesn't block them from
feeds and can lead to situations where you're expecting 10 blog posts on a
page and only get 8 because 2 of those queried were skipped from display;
it doesn't work on a category-wide level, and certainly doesn't have any
affect on creating posts. I think you'd have to do some intricate work with
`pre_get_posts` and (forthcoming) taxonomy meta to truly block posts
everywhere, and create a front-end content creation interface to have the
best control over that aspect. In all, quite clunky and labor-intensive.

I wrote a plugin that will do a much simplified version of this for WP's
built-in post categories using `current_user_can('read_private_posts')`,
but it falls far short of the requirements above.

So, do other CMSes have an integrated system for this sort of thing, where
you can control content visibility/editability/creation by content type*
and* taxonomy? I've been told one of the major selling points of Drupal is
the permissions system. Am I overlooking a scheme for an elegant solution
in WP?

And…go! :)

Regards,
Greg

_______________________________________________
Hidden-discuss mailing list - home page: http://www.hidden-tech.net
Hidden-discuss at lists.hidden-tech.net

You are receiving this because you are on the Hidden-Tech Discussion list.
If you would like to change your list preferences, Go to the Members
page on the Hidden Tech Web site.
http://www.hidden-tech.net/members
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20151113/d8162b70/attachment.html