常见CMS角色和访问级别 [英] Common CMS roles and access levels
问题描述
我目前正在写一个CMS,并记得有人(可能在这里)批评现有的CMS没有足够的用户权限系统。我有一个计划的方法,但它觉得它已经陷入通常的陷阱是有点太细粒度,这使得理解和实施它对最终用户恐怖。
I am currently writing a CMS and remember someone (it might have been on here) criticise the existing CMS for not having a robust enough user permissions system. I've got a method planned out but it I feel it has fallen into the usual trap of being a bit too fine-grained which makes understanding and implementing it a horror for end users.
我认为有一系列的默认用户角色与权限将是这个答案,所以我想我的问题是这样:
I think having a range of default user roles with permissions would be the answer to this, so I suppose my question is this:
默认角色是什么
提前感谢!
推荐答案
这是我在大多数项目中结束的最佳实践,非常满意:
This is the "best practice" I have ended up with in most projects and am very happy with:
强> 1。角色
对于角色,我建议很大的灵活性,即能够自由创建和定义用户帐户和组贡献者,管理者等不是硬编码的,而是放入可以根据应用改变的配置文件)。角色配置对于用户是不可访问的,但是引擎本身应该没有硬编码的角色。
When it comes to roles, I recommend great flexibility, i.e. the ability to create and define user accounts and groups freely (roles like "contributor", "manager" etc. are not hard-coded, but put into a configuration file that can be changed per application). The role configuration is unaccessible to the user, but the engine itself should be free from hard-coded roles.
2。权利
权利是需要易于理解和实施的地方。
我在使用和检查代码/ API级别的非常细粒度的权限方面取得了非常好的经验:
I have made very good experiences working with, and checking against, very fine-grained rights on the code / API level:
- 查看
- 查看
- 编辑
- 更改名称
- 重命名
- 删除
- 移动
- 更改权限
- 等。
- see
- view
- edit
- change name
- rename
- delete
- move
- change rights
- etc.
那些。
but the user never sees those. For them, they are grouped into a very small number of "right groups":
- 只读 li>
- 编辑
- Administer =移动,重命名....
- Read Only
- Edit
- Administer = Move, rename....
用户从不会看到移动权限,而只看到管理权限组。
The user never sees the "move" right, but only the "Administer" rights group.
这样,您就可以在代码中保留细粒度权利的全部功能对于诸如实习生必须能够编辑页面,但不能够改变其标题或删除它们之类的规则,向CMS添加有价值的资产。对于最终用户,此功能保持不可见,权限系统易于使用。
That way, you retain the full power of fine-grained rights in your code for the future - you can, for example, easily accommodate for a rule like "interns must be able to edit pages, but not be able to change their titles, nor to delete them", adding a valuable asset to the CMS. For the end user, this functionality remains invisible, and the rights system easy to use.
这篇关于常见CMS角色和访问级别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!