You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With respect to the implementation of an owner property for content items (#490) and a 'site-editor' role (#491), the rights and permissions should be checked and defined according to a concept of access rights for editors (we have a concept, it is, however, still open for discussion).
Affected
Users, Managers, Admins
Minimal functionality
define editor rights and permissions according to concept
define a 'multi-site editor' (or e.g. 'super editor', 'instance editor', 'main editor', etc.)
Concept for permissions for Editors in a multi-site setting
The Role model gets an editor field, which is similar to the manager field, an m2m with sites.
A multisite Editor has all sites of the Instance, or it should be a checkbox.
A site Editor has usually only one site but can receive more.
The multisite Editor should have CRUD permissions for all element objects (ModelPermission level).
The site Editor needs more fine-graind Object-level permissions.
This requires that the element objects also receive an additional "owner-ship" field (can be done via the sites ?)
Catalogs
(update) Editor-rights per site, only an Editor of the site can edit Catalogs of their own site.
Editorrechte für Mandanten vergeben, d.h. ein Editor kann nur Inhalte seines Mandanten editieren
(read) An Editor sees only Catalogs from his site, or Catalogs shared from other sites as read-only.
Editor sieht nur Kataloge seines Mandanten (ggf. mit Möglichkeit, die anderen Kataloge "lesend" anzuzeigen)
(multisite editor role property) An Editor with rights for all sites inside the instance.
Supereditor, der alle Mandanten bearbeiten kann, kann alle Kataloge sehen
Domain
(read) Readable for all site Editors
Lesbar für Editoren
(create and update) ModelPermission Only for the multi-site Editor
ObjectPermissions per site by each site Editor
Optionsets
(read) Readable for all site Editors
site Editors can not update optionsets which are used in Catalogs (which are used) by other sites
Editoren solllten keine Sets bearbeiten könnnen, die Kataloge andere Mandanten betreffen
(create and update) multisite Editors has ModelPermissions
site Editors have Objectpermission
Conditions
same as Optionsets
Tasks
same as Optionsets
Views
all are CRUD-able for multisite Editor
site Editor can CRUD for their own site (can not delete shared views)
Import
multisite Editors can update Catalogs from each site at import.
site Editors can import new Catalogs for their own site.
can update own Catalogs at import
The text was updated successfully, but these errors were encountered:
MyPyDavid
changed the title
define and implement rights for editing content items according to rights concept (multi-site editor)
define and implement permissions for editing content items according to rights concept (multi-site editor)
May 11, 2022
Rationale / Begründung
With respect to the implementation of an owner property for content items (#490) and a 'site-editor' role (#491), the rights and permissions should be checked and defined according to a concept of access rights for editors (we have a concept, it is, however, still open for discussion).
Affected
Users, Managers, Admins
Minimal functionality
References / Verweise
Concept for permissions for Editors in a multi-site setting
The
Role
model gets aneditor
field, which is similar to themanager
field, anm2m
withsites
.A
multisite Editor
has allsites
of the Instance, or it should be a checkbox.A
site Editor
has usually only one site but can receive more.The
multisite Editor
should have CRUD permissions for all element objects (ModelPermission level).The
site Editor
needs more fine-graind Object-level permissions.This requires that the element objects also receive an additional "owner-ship" field (can be done via the
sites
?)Catalogs
Domain
Optionsets
Conditions
same as
Optionsets
Tasks
same as
Optionsets
Views
Import
The text was updated successfully, but these errors were encountered: