I have been thinking on how I need to elaborate the Role system to include more Roles.

Server Administrator

• will have full admin control on any site hosted within the same db
• can create new sites and site host entries
• can configure which features are available in each site

Site Administrator

• can edit any content in a site
• can manage users in a site
  

Content Administrator

• can edit any content in a site

Forum Moderator

• can moderate content in 1 or more forums

Blog Author

• can edit one or more blog modules in a site

Content Author

• can edit one or more Html Content Modules within a site
  

To me the idea of a feature to allow granting a user a page or node of pages that they can edit seems interesting. We already have some personalization via MyPage but that is only for exposing internally published content to be arranged into custom pages by the user.

Now its already possible to grant a user this ability to edit a page or node of pages if you create a role for the user and create the first page which will be the root page of his node and set the edit permissions and create child page permissions to the role you created. Add the user to the role and bingo he can edit his own subtree of the site.

The problem is if you want to do this for a large number of users your going to have a large number of roles which is difficult to manage and really goes against the idea of using roles in the first place which is basically to group users into permission buckets.

So to implement this feature to support that kind of use case it would be better to add an EditUserGuid column to the mp_Pages table and maybe a bool for EditUserCanCreateChildPages.

However there are addition issues to consider when you start making the content publishing tools available to untrusted users. Maybe some of them are relatively trusted but if you open it up to strangers you don't want them being able to put javascript into the page or you are opening the door to cross site scripting attacks. Some features in mojoPortal like the Forums and the RSS Aggregator already have some protection in place to prevent cross site scripting but other features have pretty much been created for use by trusted users and we would need to enable this protection in those features as well.

Also we would probably need a way to configure which features are vailable to untrusted users or taking away some features from some users.

I'll keep this idea in mind though right now I have a lot of other priorities above this idea.

 

As for the original post of this thread, you may notice it was from February 2005 so this is not my current thoughts. I mean hey that was back in 1.1 .NET days ;-)

The current thinking is:

Server Administrator = Admin in site which has IsServerAdminSite =true in the db which is only the first site created.

Site Administrator - role exists

Content Administrator - role exists

Content Author - role exists but up to you to grant it permission to edit pages

Blog Author - not implemented or planned to have feature specific roles. You can make any roles you like already

Forum Moderator - back burner - maybe revisit someday when the forums gets some love

Best,

Joe