[Typo3-dev] More advanced permissions handling?

Stig N. Færch stig at 8620.dk
Fri Dec 31 10:59:18 CET 2004 

> OK, but you could for now just name the groiup "ROLE: ...." and then
> it would be obvious which you should select.
>
> I don't see a big difference. However traditionally people have been
> begging for user roles. I believe groups=roles, you just have to think
> of them in that way. (and configure them to act as roles of course)

I agree very much to this. I also think be-groups as being roles.
But I'm not intirely sure that you understand what I mean.
When a user has several roles, his permissions are much wider, and to in 
some situations this user will suddenly have access to things that 
wasn't intended.
This for example happens when 1 and 2 are allowed in role A, but only 1 
is allowed in role B. In this situaion 2 i suddenly also allowed in role 
B.

Now if a user could switch between the roles which he is assigned  in a 
dropdownlist(turning off/disable the roles which are not selected and 
be-groups which are not roles), we could overcome this problem without 
changing too much.
Of course this is only a guess, because I don't understand the 
complexness of the permissionssystem

/Stig

> On Fri, 2004-12-31 at 08:45, Stig N. Færch wrote:
>> These were the other suggestions I had:
>>
>> /Stig
>>
>>>> Yes, it will be far to complicated to implement and one should
>>>> keep a permission system simple.
>>>
>>> Okay, it might be too complex to do this.
>>> But then I have a couple of ideas which might be easier to
>>> implement? I would like to hear...:
>>> ...if you think it's a good idea?
>>> ...if you think it would contradict some basic designrules of Typo3?
>>> ...how hard it would be to implement?
>>> ...if you might implement it sometime?
>>> ...if not, do you think it would be possible to implement through an
>>> extension?
>>>
>>> The first idea:
>>> The idea is that when you are logged in, you will be able to choose
>>> among different user-roles which corresponds to be-usergroups you
>>> were assigned.
>>
>> Comment: it's like switching off those usergroups which are marked as
>> user-roles AND not selected.
>>
>>> For example - you might want to edit news. Then you select the
>>> news-role and only the be-usergroup for news-editing kicks in.
>>>
>>> Or you might want to edit the calendar then you select calendar-role
>>> and only the be-usergroup for calendar-editing kicks in.
>>>
>>> To select a user-role, you could have a dropdown-list in the BE with
>>> the different user-roles you can switch through, one of which is
>>> default.
>>>
>>>
>>> Or another idea:
>>> Similar to the above idea.
>>> You can mark be-users as being user-roles.
>>> Then these user-roles could be assigned to be-users,
>>> who then can switch between these in the BE from a dropdown-list.
>>>
>>> The problem might be that it's not the be-user who sets it's mark
>>> when editing something but the user-role instead. But that might
>>> also be solvable.
>>>
>>> /Stig

More information about the TYPO3-dev mailing list