Jump to:

17452 Posts in 4473 Topics by 1971 members

Archive

SilverStripe Forums » Archive » Page Security interface

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Page: 1
Go to End
Author Topic: 2214 Views
  • Tim
    Avatar
    Core Development Team
    201 Posts

    Page Security interface Link to this post

    Following up on the great work Markus has been doing on page security (we now have the ability to secure pages within the CMS), I've feel we need a nicer looking interface to support these actions.

    Below are some is a proposed concept which I think is a significant improvement on what we have currently.

    The basic idea is all the actions are listed on the horizontal axis, while the groups of users are one the vertical axis.

    I think this is going to be quite extensible, and easy to understand. What do you guys think?

  • Willr
    Avatar
    Forum Moderator
    5497 Posts

    Re: Page Security interface Link to this post

    The new idea seems much better and easier to understand though I would say minus the super cheesy purple and blue gradients

  • Markus
    Avatar
    Google Summer of Code Hacker
    152 Posts

    Re: Page Security interface Link to this post

    OK, here is the attachment.. or not!?

    I don't understand why it is not attached, even when I uploaded it (http://www.silverstripe.com/assets/Attachments/proposal-security-interface.gif)!?

    Anyway, here it is as a inline-image:

  • Tim
    Avatar
    Core Development Team
    201 Posts

    Re: Page Security interface Link to this post

    Hi Markus

    I like where you are going with your interface - its more "standard" than what I've proposed and that's always a good thing.

    I think having the concept of hierarchical security is important however thinking about this some more (I didn't address this either). For example, if you cant read somthing, then you can't edit it, because in order to edit, you need to be able to read.

    What do you think is the best way to represent these logical constraints in the user interface? Maybe having a tree as opposed to a list?

    I've attached some screen shot of a 'enterprise' system which one of our clients has sent me - we may be able to draw on some ideas from here.

  • Markus
    Avatar
    Google Summer of Code Hacker
    152 Posts

    Re: Page Security interface Link to this post

    Thanks

    > I think having the concept of hierarchical security is important however thinking about this
    > some more (I didn't address this either). For example, if you cant read somthing, then you
    > can't edit it, because in order to edit, you need to be able to read.

    That's the question... do we really want to implement/support such a hierarchical security system?

    > What do you think is the best way to represent these logical constraints in the user
    > interface? Maybe having a tree as opposed to a list?
    >
    >I've attached some screen shot of a 'enterprise' system which one of our clients has sent
    > me - we may be able to draw on some ideas from here.

    I think that's getting too complicated for most of the users. Not even for me it's obvious what happens when I check the root without trying it at least once
    Have I then all rights (also all child permissions) or just that (root-)permission?

    I think that's just overkill!

    If we really want to do things like "if you can’t read something, then you can't edit it, because in order to edit, you need to be able to read" we can do it as follows:

    Define the permissions "Read" and "Read and Edit".
    The read function can then simply OR the two permissions and the edit function just check the "Read and Edit" permission.

    In that way it is immediately clear for the user what is meant with the permissions.

    The only disadvantage that came in my mind is that there is some redundancy in the interface (if "Read and Edit" is enabled, "Read" has no effect anymore) but my opinion that isn't a big problem.

    The people, who understand the system well, include just the needed permissions and for the others it makes no difference at all.

  • Ingo
    Avatar
    Forum Moderator
    801 Posts

    Re: Page Security interface Link to this post

    we had an internal discussion about the silverstripe permission model a couple of months back, and went with permission codes (and inheriting on group-level) rather than full-fledged ACLs,
    mainly because database-ACLs tend to get complicated and very hard to debug,
    and we wanted to provide a simple tool for developers.
    in hindsight, it might have been a bit too restrictive, but just be aware that an architectural decision has been made here recently before diving in a new approach.
    (personally, id love to see ACLs with inheritance on the permission-side/ACOs as well *g)

  • Anonymous user
    Avatar
    22 Posts

    Re: Page Security interface Link to this post

    I think Tim's approach would fit well with how things have been designed recently (see ingo's post above).

  • Sam
    Avatar
    Administrator
    679 Posts

    Re: Page Security interface Link to this post

    Yeah, I think broadly that's the way we want to go, with two points:

    * I agree with Will on the gradients - it's distracting.
    * The names of the permissions should be more verbose - perhaps with tooltips?

    2214 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.