Comments
-
-
Louis-Philippe Huberdeau 02 Aug 09 09:30 GMT-0000
Temporary breakage prevents from making a proper reply.
My view is that category permissions will simplify management by reducing the amount of places permissions have to be verified. Object permissions will stay, but when using categories, they will mostly be used for exceptional cases. I think synchronization problems are much harder to solve and can cause privacy issues if rules change and some objects are forgotten.
However, using category permission remains optional. Disabling categories make these permissions go away, and it could be possible to just disable the category permissions. As part of the permission UI revamp that will begin shortly, permission auditing should be easier and better, and batch allocation should also improve the experience with both category permissions and object permissions.
As far as permission templates go, it would mostly be handled by having a model page and copying permissions from it.
;){kind=link}
;){kind=link}
- On Windows, generating custom theme files with npm produces generated output in two places
- Preference to disable tooltips also disables important back-end functionality
- syntax type=markdown code disappears from Content Template
- Preview button in Content Template edit box discards changes
- Unable to remove multiple Wiki Pages
;){kind=link}
;){kind=link}
You should evaluate what you can earn and what you can loose by dumping the adoption of category permissions and use a well engineered system of setting object permissions from ad-hoc, premade templates/roles:
1) Perms would be in the objects, not outside them
2) perms would be settable on a per object basis, not on a per-container basis
3) no hineritance problems, just replication ones
4) no risk of mixing content categorization with access permissions, nor need to limit/rule this
Once you cross the field of category permissions, a whole lot of problems arise that are not really needed. An example is the fact that the need of a single different perm for any single object needs a category for itself, and you must handle the relation/dependance/inheritance with the parent category.
What categories are good at (but any other union table would do) is to join objetcs:
-groups (that should become categorizable objects)
-resources
-presets object permission templates (roles) that can be stored as groups too, and thus categorized.
Something I think is useful is some sort of group level (like in UNIX, where users groups start at gid 1000), or another way to cross categorize groups to categories that explain their 'level'. But this is not yet category permissions. With this you can select which 'object permission templates (stored as groups)' can be applied to which 'users groups'. And which 'users groups' can be selected for inclusion into other 'users groups'.
Because it should be also possible to add groups to groups, not only individual users.
I don't understand if this idee fixe with category permission is because these can be more easily replicated/transferred by profiles/datachannels, or if because it seems that bringing an object into a category is somehow more a simpler operation that applying a preset or perms to the object... The latter is very trivial and immediate too, and in fact the code has been there for a time in aulawiki.