Fine grained user roles and permissions
Alaveteli currently has a 2-tier permissions system:
- general user
- admin
There is a requirement to be able to define & grant more fine-grained permissions to various site users. This is a draft proposal to allow Alaveteli to (generically):
- define various arbitrary roles within the system (non-exhaustive list), e.g. commenter, bulk requester, newbie requester, voter-upper, sysadmin, superadmin, community moderator etc.
- map these roles to system _privileges_ via a role_privileges mapping
- grant & revoke these roles to users (user_role)
- roles, user_role & role_privileges would probably be stored in the database, allowing them to be editable via admin screens
- privileges could also be listed in the DB, at least to be able to clearly state what they are, and to allow for data-driven configuration. These would be referred to by functions and screens in code.
This basic framework would allow the Escalating-privileges-system to be developed in an evolutionary way.
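The role, role_privileges and user_role relationships proposed above, sketched as an added example in plain Ruby (this is not Alaveteli code). The class name, method names and privilege names such as `:post_comment` are hypothetical, and in-memory hashes stand in for the database tables.

```ruby
require 'set'

# Added illustration only: in-memory stand-ins for the proposed
# roles, role_privileges and user_role tables. All names are hypothetical.
class PermissionStore
  def initialize(known_privileges)
    @privileges = Set.new(known_privileges)                 # declared privileges
    @role_privileges = Hash.new { |h, k| h[k] = Set.new }   # role => privileges
    @user_roles = Hash.new { |h, k| h[k] = Set.new }        # user => roles
  end

  # role_privileges mapping. Undeclared privileges are refused so a typo
  # in an admin screen cannot silently create a new privilege.
  def map_privilege(role, privilege)
    raise ArgumentError, "unknown privilege: #{privilege}" unless @privileges.include?(privilege)
    @role_privileges[role] << privilege
  end

  # user_role grant: only roles that already have a mapping can be granted.
  def grant(user, role)
    raise ArgumentError, "unknown role: #{role}" unless @role_privileges.key?(role)
    @user_roles[user] << role
  end

  def revoke(user, role)
    @user_roles[user].delete(role)
  end

  # Deny by default: a user holds a privilege only if at least one of
  # their current roles maps to it. Unknown users and privileges get false.
  def can?(user, privilege)
    roles = @user_roles.fetch(user, Set.new)
    roles.any? { |role| @role_privileges.fetch(role, Set.new).include?(privilege) }
  end
end

# Constructed sample data using role names from the list above.
def sample_store
  store = PermissionStore.new(%i[post_comment make_batch_request hide_request])
  store.map_privilege(:commenter, :post_comment)
  store.map_privilege(:bulk_requester, :make_batch_request)
  store.map_privilege(:community_moderator, :hide_request)
  store.map_privilege(:community_moderator, :post_comment)
  store
end
```

Code paths would call `can?` with a privilege name rather than test for a role, so the role-to-privilege mapping can change without touching the callers.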