Show modules by role

This is a forum to suggest new features for mojoPortal. 

This thread is closed to new posts. You must sign in to post in the forums.
12/6/2006 2:33:25 AM
Alexander V. Yushchenko
Gravatar
Total Posts 488
View Posts

Show modules by role

I need to show my module only to users who belong to the specific role.

As far as I understand, now only pages can be shown on the role basis. It would be nice to have an opportunity to do the same with modules.
12/6/2006 3:58:42 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Show modules by role

Permissions at the module level would add a great deal of complexity that I want to avoid.

For example, consider the search feature, content is indexed at the page level and page permissions are stored in the search index along with the search stuff. So anytime permissions are changed on a page we have to re-index all the content on the page so that the search index permissions stay in sync and users can't get search results for content they have no permission to view. This will get much more complicated if we start having to do this at the module level and performance could be a real problem because there are some pages that we want to avoid re-indexing as much as possible. The page with the forums for example. We have over a thousand posts and if permissions are changed on the page that contains the forums all those posts have to be re-indexed so I try to avoid changing permissions on that page.
Now if we extend the view permissions onto module instances we have to also re-index the whole contents of the page if view permissions change on any module that lives on the page and we have to keep even more permissions stored in the index.

Also content module instances can also be placed on multiple pages. I want to avoid complex issues/bugs that can happen if the user has view permission on the page but not on the module.

I really think it is best to keep view permissions at the page level.

Joe
12/6/2006 10:27:46 PM
Alexander V. Yushchenko
Gravatar
Total Posts 488
View Posts

Re: Show modules by role

I am really surprised that content is indexed at the page level.
Why not indexing content on the module level? In this case many problems you spoke about will not appear. You will not have to reindex all the page when only one control is changed.

And what for do you need to reindex the content when page permissions change??? Isn't it possible to somehow reorganize the index so that the index contains all the pages/modules, and before displaying the results they are just filtered according to current permissions?
12/7/2006 1:45:31 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Show modules by role

In order to provide a link in the search results we must know at indexing time the page that the content is on and we must not show links to pages that the user has no permission to see.

No matter if we had view permissions at the module level, if the module is on a page the user  does not have view permission for the user must not see that page. We must have view permission at the page level to control the display of the menu. Having view permission at both the page and module level adds confusion and complexity and a whole array of possible problems and bugs.
12/7/2006 2:36:30 AM
Alexander V. Yushchenko
Gravatar
Total Posts 488
View Posts

Re: Show modules by role

If content is indexed on the module level, the following algorithm can be used:
1. When indexing: include module ID to the index instead of the page URL.
2. After adding module or editing content: reindex content of the control only.
3. After deleting module: delete module content from the index.
4. After page view permission changing: nothing.
5. After module view permission changing: nothing.
6. After module publication changes: nothing.
7. When searching:
    - search the index to find modules that contain search results
    - exclude the modules that the current user has no permission to see
    - generate the list of pages these modules are published at
    - exclude pages that the current user has no permission to see


Speaking about the complexity of having view permissions on both page and module level. What complexity do you mean, I wonder?
1. Each page has its own view permissions as it has now.
2. Each module has the same set of view permissions.

The only change in page rendering will be a single line of code in module's Page_Load like
    if (!this.IsVisibleForCurrentUser) this.Visible = false;

Module-level permissions do not affect menu in any way.
P.S. You already have some kind of module-level permission, as I can see - I mean "Is Admin Feature:" checkbox on feature module settings page.
12/7/2006 2:54:32 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Show modules by role

Your solution "might" work. If you want to implement that and can show that it works correctly in all scenarios I would consider those changes.

I still think it will be confusing to non-tech users who are trying to establish permissions while the current model is very easy to understand. Doing this will also make it difficult if we ever try to use PageOutput cache
I think it is better to not put mixed content on a page that some viewers can see and others cannot. I think it is cleaner to create separate pages for the content. I also think it could cause performance issues having to check permission on so many levels for each page and will also slow down the performance of search results having to do all that secondary lookup and permission checking.

The IsAdmin property of a module indicates whether the module is available for pages, ie whether it shows up in the dropdown list on PageLayout.aspx. SiteSettings for example is an Admin module we don't want on the list for normal users to be ale to add to pages.

Joe
You must sign in to post in the forums. This thread is closed to new posts.