-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathroles.muse
92 lines (65 loc) · 3.14 KB
/
roles.muse
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
#pubdate 2017-11-26 12:04:12 +0100
#title Site modes and user roles
#lang en
#teaser Description of the user roles used by amusewiki
#topics doc
** Users
Permissions are global and if the same user can login on different
sites, it will have the same role. If you trust the user on one site,
but not on another, then create another user with a different
username.
If a logged in user update the language, all the sites on the same
instance will use that language for this user.
We define 5 levels of permissions.
*** root permissions
The users with root permissions have full access to anything, but most
important, they can create new sites, change settings, add templates,
etc.. The same login works for all the sites. Given that being able to
access the templates means being able to inject code, this role should
be reserved to people that know what they are doing and have a shell
access.
They don't need to belong to a particular site but in this case they
cannot recover the password via mail.
*** admin permissions
They can change a subset of site settings (notably, the ones which
don't require restarting the webserver or shell access) in addition to
the librarian permissions (see below). Only a root user can promote an
user to admin. Users they create are always librarians (there is an
item in the user dropdown menu on the navigation bar).
*** librarian permissions
Every site can and should have one or more librarians with login. They
are able to access the revisions, approve the texts, etc. Special
pages are always reserved for them.
They can also create fellow librarians which will share the same
privileges. They are peers and they can create peers.
There is an item in the user dropdown menu on the navigation bar for
this purpose.
*** human permissions
This is not strictly speaking a role, because no login is required.
Anyway, to access some part of the sites (adding new texts, editing,
the bookbuilder), a prove that the user is a human and not a bot is
required. This is implemented via a question which the human has to
answer. It takes 10 seconds and after that the humanity of the user is
not questioned any more. Also, they should have cookies enabled
(otherwise we can't store a session for them).
*** robot permissions
Humans which don't prove to be such and robots can access all the
public part, including reading and download.
** Modes
Each site can run in one of these three modes, which differ on the
privileges granted to the humans. Site modes can be set in the admin,
under the General configuration stanza.
*** private
Only logged in can access texts and the site.
*** blog
This mode restricts access to the text editing to librarians only.
Humans can still use the bookbuilder.
*** modwiki
This mode is a "moderated wiki". Humans can add new texts and edit
them, but approvals and publishing is reserved to the librarians.
*** openwiki
This mode is an "open wiki". Humans can add new texts, edit them, and
the result is published right away. Revisions are kept in the git, so
it's always possible to revert to a previous one (but could be
complicated and messy). Use at your own risk, but it could make sense
as a private wiki or in a LAN.