The permission system of Project Voodoo has been setup to allow for two different scenarios, or a mix of the two.
All permissions in Project Voodoo are based on groups configured in /conf/engine.ini in the section called [usergroups]. The name of the group entries is referred to in the other configuration files.
Hierarchical permissions are pretty straight forward. Define different usergroups in your engine.ini file and give them numbers whereby the larger the number the higher in the hierarchy users in that group reside. For example:
Anonymous = 0
Member = 10
Admin = 20
In the example above, Anonymous would be the lowest user group in the hierarchy, whereby Admin would be the top user. Rights specified in any of the privileges sections in the different Controller configuration files that have only one entry (see example below) will be using the Hierarchical permission system. This means that a comparison is done between the accesslevel of the current user and the minimal required level defined in the config file, wherever rights are checked.
wiki.view = Anonymous
wiki.create = Admin
Here we say that anyone that is Anonymous or higher can view Wiki pages, and anyone that is Admin (or higher) can create new Wiki pages.
In case you want to configure your Project Voodoo setup to include the Group based permission you can see the numbers of the groups as the ID's of each group. The important part hereby is that if you want to link a certain action to only one group, you will have to end your entry with a comma.
Consider the following, you have a few user groups in your engine.ini file:
Anonymous = 0
User = 10
Member = 20
WikiAdmin = 30
NewsAdmin = 40
Now for permission wiki.modify you want to allow only the group WikiAdmin. In case you enter the following:
wiki.modify = WikiAdmin
The Voodoo engine will resolve this as if(user_access>=WikiAdmin) -> allow. In this setup that would mean that even NewsAdmins? would have rights to Modify wiki pages. To get around this problem, enter the following instead:
wiki.modify = WikiAdmin,
The default installation of Project Voodoo uses the mixed version of the above explained permissions systems. The most important thing to keep in mind is that at any one time, if you have only one entry on a line in the [privileges] section in your configuration files, and that line is not ending with a comma, the Hierarchical Permissions system will be used. This can cause weird situations, so make sure you check a few different scenarios when playing around with the permissions settings.
Having differently named usergroups with the same accesslevel defined will mean that usergroup a is merely an alias for usergroup b:
GroupA = 30
GroupB = 30
GroupC = 40
GroupD = 30
With privileges defined as:
wiki.modify = GroupB,
This means that in this case every user from GroupA, GroupB and GroupD will have access to modify Wiki Pages. Be careful with this behavior if you have a large number of different user groups.