| • Dalines Software Library • | • Home • Engine • Projects • Login • Signup • |
|
EnginePrivileges - WikiView | |
Engine PrivilegesThe permission system of Project Voodoo has been setup to allow for two different scenarios, or a mix of the two.
GroupsAll permissions in Project Voodoo are based on groups configured in /conf/engine.ini in the section called [usergroups]. The name of the group entries is referred to in the other configuration files.
Hierarchical permission systemHierarchical permissions are pretty straight forward. Define different usergroups in your engine.ini file and give them numbers whereby the larger the number the higher in the hierarchy users in that group reside. For example:[usergroups] Anonymous = 0 Member = 10 Admin = 20In the example above, Anonymous would be the lowest user group in the hierarchy, whereby Admin would be the top user. Rights specified in any of the privileges sections in the different Controller configuration files that have only one entry (see example below) will be using the Hierarchical permission system. This means that a comparison is done between the accesslevel of the current user and the minimal required level defined in the config file, wherever rights are checked. [privileges] wiki.view = Anonymous wiki.create = AdminHere we say that anyone that is Anonymous or higher can view Wiki pages, and anyone that is Admin (or higher) can create new Wiki pages.
Group based permission systemIn case you want to configure your Project Voodoo setup to include the Group based permission you can see the numbers of the groups as the ID's of each group. The important part hereby is that if you want to link a certain action to only one group, you will have to end your entry with a comma.Consider the following, you have a few user groups in your engine.ini file: [usergroups] Anonymous = 0 User = 10 Member = 20 WikiAdmin = 30 NewsAdmin = 40Now for permission wiki.modify you want to allow only the group WikiAdmin. In case you enter the following: [privileges] ... wiki.modify = WikiAdminThe Voodoo engine will resolve this as if(user_access>=WikiAdmin) -> allow. In this setup that would mean that even NewsAdmins? would have rights to Modify wiki pages. To get around this problem, enter the following instead: [privileges] ... wiki.modify = WikiAdmin,
Mixing the twoThe default installation of Project Voodoo uses the mixed version of the above explained permissions systems. The most important thing to keep in mind is that at any one time, if you have only one entry on a line in the [privileges] section in your configuration files, and that line is not ending with a comma, the Hierarchical Permissions system will be used. This can cause weird situations, so make sure you check a few different scenarios when playing around with the permissions settings.
UsergroupsHaving differently named usergroups with the same accesslevel defined will mean that usergroup a is merely an alias for usergroup b:[usergroups] GroupA = 30 GroupB = 30 GroupC = 40 GroupD = 30With privileges defined as: [privileges] wiki.modify = GroupB,This means that in this case every user from GroupA, GroupB and GroupD will have access to modify Wiki Pages. Be careful with this behavior if you have a large number of different user groups.
|