Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

Page Security interface


Go to End


7 Posts   2697 Views

Avatar
Tim

Community Member, 201 Posts

17 July 2007 at 7:08pm

Edited: 17/07/2007 7:11pm

Following up on the great work Markus has been doing on page security (we now have the ability to secure pages within the CMS), I've feel we need a nicer looking interface to support these actions.

Below are some is a proposed concept which I think is a significant improvement on what we have currently.

The basic idea is all the actions are listed on the horizontal axis, while the groups of users are one the vertical axis.

I think this is going to be quite extensible, and easy to understand. What do you guys think?

Avatar
Willr

Forum Moderator, 5523 Posts

17 July 2007 at 7:38pm

The new idea seems much better and easier to understand though I would say minus the super cheesy purple and blue gradients :P

Avatar
Markus

Google Summer of Code Hacker, 152 Posts

17 July 2007 at 9:13pm

Edited: 17/07/2007 9:16pm

OK, here is the attachment.. or not!?

I don't understand why it is not attached, even when I uploaded it (http://www.silverstripe.com/assets/Attachments/proposal-security-interface.gif)!?

Anyway, here it is as a inline-image:

Avatar
Tim

Community Member, 201 Posts

17 July 2007 at 10:21pm

Hi Markus

I like where you are going with your interface - its more "standard" than what I've proposed and that's always a good thing.

I think having the concept of hierarchical security is important however thinking about this some more (I didn't address this either). For example, if you cant read somthing, then you can't edit it, because in order to edit, you need to be able to read.

What do you think is the best way to represent these logical constraints in the user interface? Maybe having a tree as opposed to a list?

I've attached some screen shot of a 'enterprise' system which one of our clients has sent me - we may be able to draw on some ideas from here.

Avatar
Markus

Google Summer of Code Hacker, 152 Posts

18 July 2007 at 1:29am

Thanks :-)

> I think having the concept of hierarchical security is important however thinking about this
> some more (I didn't address this either). For example, if you cant read somthing, then you
> can't edit it, because in order to edit, you need to be able to read.

That's the question... do we really want to implement/support such a hierarchical security system?

> What do you think is the best way to represent these logical constraints in the user
> interface? Maybe having a tree as opposed to a list?
>
>I've attached some screen shot of a 'enterprise' system which one of our clients has sent
> me - we may be able to draw on some ideas from here.

I think that's getting too complicated for most of the users. Not even for me it's obvious what happens when I check the root without trying it at least once :-)
Have I then all rights (also all child permissions) or just that (root-)permission?

I think that's just overkill!

If we really want to do things like "if you can’t read something, then you can't edit it, because in order to edit, you need to be able to read" we can do it as follows:

Define the permissions "Read" and "Read and Edit".
The read function can then simply OR the two permissions and the edit function just check the "Read and Edit" permission.

In that way it is immediately clear for the user what is meant with the permissions.

The only disadvantage that came in my mind is that there is some redundancy in the interface (if "Read and Edit" is enabled, "Read" has no effect anymore) but my opinion that isn't a big problem.

The people, who understand the system well, include just the needed permissions and for the others it makes no difference at all.

Avatar
Ingo

Forum Moderator, 801 Posts

19 July 2007 at 9:32pm

Edited: 19/07/2007 9:33pm

we had an internal discussion about the silverstripe permission model a couple of months back, and went with permission codes (and inheriting on group-level) rather than full-fledged ACLs,
mainly because database-ACLs tend to get complicated and very hard to debug,
and we wanted to provide a simple tool for developers.
in hindsight, it might have been a bit too restrictive, but just be aware that an architectural decision has been made here recently before diving in a new approach.
(personally, id love to see ACLs with inheritance on the permission-side/ACOs as well *g)

Avatar
Sam

Administrator, 690 Posts

24 July 2007 at 6:17pm

Yeah, I think broadly that's the way we want to go, with two points:

* I agree with Will on the gradients - it's distracting.
* The names of the permissions should be more verbose - perhaps with tooltips?