Enhancement - MODX Permissions #11185
Comments
alroniks
added
rfc
urgent
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
alroniks
added
rfc
urgent
MODX Permissions
Summary:
I had some ideas/suggestions for potential, future improvements.
There are probably many contributors that have submitted their own views, or you may have your own, however this is just my general thoughts.
As with many MODX users, I find MODX permissions quite complex to setup and even more complicated when trying to explain them to end-users e.g. non-technical clients etc.
Through my day job, I am an administrator for a number of SharePoint sites and I think some of the permission principles could be applied to MODX. SharePoint has it's own set of issues (not being friendly for templating is one), but it does permissions pretty well.
I'm going to assume that you don't know anything about SharePoint in this instance.
How SharePoint permissions work
Thinking purely about SharePoint sites (excluding Site Collections), permissions are applied at 3 levels:
MODX, thinking about it, seems to operate in a similar way to SharePoint, except there are no roles in SharePoint and there is only one context, as SharePoint site administration is done in the front-end anyway.
The way SharePoint works is:
There are some group specific settings that you can apply, for example; who can edit the group e.g. named system admin or a specific group
See this SharePoint permissions list as an example. It is similar to the way MODX defines policy permissions looking at it, except there are fewer. I don't think this would be a detriment to MODX in anyway if the list was simplified or multiple detailed permissions were possibly rolled into one that was more simplified.
In SharePoint, permission policies are set out-of-the-box, although you can create custom one's from an existing template (similar to MODX), except the permissions in SharePoint are not as many or as granular, but they give you flexible control.
In relation to MODX
As mentioned, I think that MODX permissions work in a similar way to SharePoint permissions, except I find MODX permissions really confusing for some reason.
User Groups
These are good and makes sense to me, although there's a consistent thing with applying roles in the tabs that confuses me.
Policy Templates
The way that policy templates are currently listed could be improved by showing a list of the same permissions for each template, but depending on the template, certain permissions would be greyed out.
You might say that there's not any point having certain permissions listed if they're not usable, but all templates would have a consistent, recognisable list of permissions and this would make it a better experience for the user to instantly understand what's possible and what's not for a given policy template
Roles
Would it be possible to do away with Roles? Not sure. I don't fully understand how they work, but would they be needed if MODX were to adopt a simpler approach as mentioned above?
Resource Groups
Again, don't really get them and had to play around for a while to get some stuff to work properly when I was doing it.
My immediate thought would be that resources would inherit permissions linked to certain groups and those groups would be displayed in the access settings of the resource. The admin would then have an option to remove specific groups from a specific resource or modify the permissions for that group slightly, within the resource, if they chose to.
I'll shut up now...
I'm not a seasoned developer by any stretch of the imagination and I totally understand that my objective view sounds simpler than it probably would be to implement or change.
However, it's something to think about.
The text was updated successfully, but these errors were encountered: