Owner Permissions

Posted by kaffeeringe.de on Wed, 19 Nov 2008 (179 reads)
Since we first introduced the permissions model the internet and the way we use it dramatically changed: Our currently model is a top-down model. Every permission is passed down by an administrator. Today you have hundered of webservices where users decide on their own who is allowed to see their profile, who is allowed to join their group and how they can join.
And that basically requires that you know who owns content. Florian already encountered the problem that of course you have a uid with every content item - whether news article or comment. But hooks usually only know their creator, not who owns the parent item - the one who might be responsible for the hooked content.

So Module developer must start building into their modules ownership permissions. That is possible with our system afaik:
User | News:: | ::UID | edit
And then, when you display a page and evaluate if the current user has permissions to edit you take viewerID and compare it to the ownerID.

Perhaps in some modules - if not all - this should be standard behaviour and webmasters are only able to take away these permissions from their users if they don't want it.

I wonder what "workflows" add to these ideas...

Share This

Trackbacks

(The URL to TrackBack this entry is: TrackBack/main/id/26,1-17). If your blog does not support Trackbacks you can manually add your trackback by using this form.

Comments

Add a new Comment









 
Close

You don't have permission to e-mail this story - please login