[Adminpages-development] ACLs, permissions
Heikki Ylönen
heikki74 at gmail.com
Mon Apr 17 16:39:50 EDT 2006
I think it would be good to keep this as simple as possible.
One super-user who can do everything and possibility to restrict/allow
access to created page by choosing user/users.
(*the following might differ from your goals*)
What if all the elements were similar to "render component"?
That way it would be possible to _build_ custom cms. Cms-pages would be just
like the other pages, but with restricted access.
Superuser would just place components on the right pages and give access to
the page to right users.
I did 2 ajax render components for fun. They worked pretty well. One was for
adding posts and one for uploading images. Static version would then be used
on the front end. I had to modify the code a bit, so that it passes rest of
the url (the part that it didn't recognize as pages) to the component. That
way the component could show a certain post based on the id. Ajax-versions
didn't need that of course.
(*cms worth looking*)
I tried Rubricks CMS today. It looks really flexible, but the UI wasn't
clear. Drag'n'Drop works well and user management seems good.
http://rubricks.org/index_en.html
-- Heikki
2006/4/17, Martin Scheffler <martinscheffler at googlemail.com>:
>
> Hi all,
>
> I took a look at various methods for authentication and ownership
> handling.
>
> Could you tell me what your ideas for authentication are?
> I would go like this:
> Three roles: admin, designer, editor
> Editor can only edit content and pages
> Designer can also edit templates
> Admin can also edit element types and users
>
> What kind of permission system do we need for pages and content? Do we
> need any at all?
> In all my previous projects I never had any use for fine-grained access
> control, every user could edit every page. What do you think?
>
> This is the stuff I found:
>
> UserStamp plugin
> http://www.delynnberry.com/pages/userstamp/
> The Userstamp Plugin extends *ActiveRecord::Base<http://api.rubyonrails.com/classes/ActiveRecord/Base.html>
> * to add automatic updating of *created_by* and *updated_by* attributes of
> your models in much the same way that the *ActiveRecord::Timestamp<http://api.rubyonrails.com/classes/ActiveRecord/Timestamp.html>
> * module updates *created_(at/on)* and *updated_(at/on)* attributes.
> Could be useful, have to take a closer look
>
> LoginEngine+UserEngine:
> simple, wide-spread usage, tested, takes long to install?
>
> ActiveRBAC
> https://activerbac.turingstudio.com
> Authentication with more fine-grained role handling, role inheritance
> model, groups. Seems to be pretty new. I got it to work without problems.
>
> Mac Engine
> http://www.ruby-forum.com/topic/61145#new
>
> to provide finer grained control over ActiveRecord results than can be
> achieved by using user_engine. The intention is to provide filtering of
>
> results and assigning permissions to users/groups over what they can
> access.
>
> Didn't really take a look at it, but is described as alpha software
>
> Martin
>
> _______________________________________________
> Adminpages-development mailing list
> Adminpages-development at rubyforge.org
> http://rubyforge.org/mailman/listinfo/adminpages-development
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://rubyforge.org/pipermail/adminpages-development/attachments/20060417/66ee94f7/attachment-0003.htm
More information about the Adminpages-development
mailing list