Better Role Differentiation

This is a forum to suggest new features for mojoPortal. 

This thread is closed to new posts. You must sign in to post in the forums.
2/20/2005 9:45:43 AM
Total Posts 18439

Better Role Differentiation

I have been thinking on how I need to elaborate the Role system to include more Roles.

Server Administrator
  • will have full admin control on any site hosted within the same db
  • can create new sites and site host entries
  • can configure which features are available in each site
Site Administrator
  • can edit any content in a site
  • can manage users in a site
Content Administrator
  • can edit any content in a site
Forum Moderator
  • can moderate content in 1 or more forums
Blog Author
  • can edit one or more blog modules in a site
Content Author
  • can edit one or more Html Content Modules within a site
7/23/2007 8:57:42 AM
Total Posts 488

Re: Better Role Differentiation

In this case it would be nice to have a "Site" prefix for all roles that have rights on a single site: Site Content Administrator, etc.

2/2/2008 11:12:15 AM
Total Posts 10

Re: Better Role Differentiation

I would like to see the following:

1 - give an authenticated user access to editing of a certain "personal" page. This will be his personal page and he can edit everything on this page.

2- give this user the option, to be set by the site admin to create pages under his personal page and have right to edit these of course

3- Server admin option to set  that when signing up it will create automatically a personal page for authenticated users.

This feature would create a kind of "myspace"

Also it would help to create certain sections of the website to be edit only by certain people. Like i have created and I would like to have certain persons just be able to edit the information of one island. That person will be only responsible for editing that section (menu item).

It would be a nice that their would be a feature that when page are edited or added, it will email the site admin, so that the site admin would know what is going on.


2/2/2008 7:31:32 PM
Total Posts 43

Re: Better Role Differentiation

I like the fact you are getting ready to revamp these settings, I recently had an issue where your proposed changes would have helped.

Where do you propose the current "Administration Menu > Site Settings" role goes?  I am thinking the Site Administrator role.

2/3/2008 3:31:06 PM
Total Posts 18439

Re: Better Role Differentiation

To me the idea of a feature to allow granting a user a page or node of pages that they can edit seems interesting. We already have some personalization via MyPage but that is only for exposing internally published content to be arranged into custom pages by the user.

Now its already possible to grant a user this ability to edit a page or node of pages if you create a role for the user and create the first page which will be the root page of his node and set the edit permissions and create child page permissions to the role you created. Add the user to the role and bingo he can edit his own subtree of the site.

The problem is if you want to do this for a large number of users your going to have a large number of roles which is difficult to manage and really goes against the idea of using roles in the first place which is basically to group users into permission buckets.

So to implement this feature to support that kind of use case it would be better to add an EditUserGuid column to the mp_Pages table and maybe a bool for EditUserCanCreateChildPages.

However there are addition issues to consider when you start making the content publishing tools available to untrusted users. Maybe some of them are relatively trusted but if you open it up to strangers you don't want them being able to put javascript into the page or you are opening the door to cross site scripting attacks. Some features in mojoPortal like the Forums and the RSS Aggregator already have some protection in place to prevent cross site scripting but other features have pretty much been created for use by trusted users and we would need to enable this protection in those features as well.

Also we would probably need a way to configure which features are vailable to untrusted users or taking away some features from some users.

I'll keep this idea in mind though right now I have a lot of other priorities above this idea.


As for the original post of this thread, you may notice it was from February 2005 so this is not my current thoughts. I mean hey that was back in 1.1 .NET days ;-)

The current thinking is:

Server Administrator = Admin in site which has IsServerAdminSite =true in the db which is only the first site created.

Site Administrator - role exists

Content Administrator - role exists

Content Author - role exists but up to you to grant it permission to edit pages

Blog Author - not implemented or planned to have feature specific roles. You can make any roles you like already

Forum Moderator - back burner - maybe revisit someday when the forums gets some love



2/3/2008 3:33:27 PM
Total Posts 18439

Re: Better Role Differentiation

So currently you can create a role for each of the islands and add users to those roles that should be able to edit. In the page settings for the top level page for an island set the Roles That Can Edit and Roles That Can Create child pages to the corresponding role for the island.

Hope it helps,


2/6/2008 8:40:22 AM
Total Posts 10

Re: Better Role Differentiation

Thanks. I will implement it that way.


Keep up the good work!

You must sign in to post in the forums. This thread is closed to new posts.