I'm experiencing some coder's block while trying to plan and develop a system around access controls for our users for a specific project/subsite in our website.
We have 3 groups:
There are also more ad-hoc associations and groups, an author can be assigned approvers, which will create (or update) a group (that group will be called [authorname]Approvers", like aaron.mcdonald@maininator.comApprovers to use an example from the sample content).
I have the creation and assignment implemented, and I even have the mechanism for a user to request their story be published and a the associated approver group is tasked with a workflow step, but I need to be able to restrict access to the publish, and start workflow features for a given story (page) if the user isn't a story's author, or the approver of that author (or otherwise has publish rights).
Currently newsauthors have edit rights for everything under /content/uc/news/articles, and news approvers have replication rights to those areas. I need something a bit more complex:
let's establish 4 users, aaron, boyd, carl, dean with the followiug group memberships:
And some content:
Under my current setup, everyone has edit rights to all these pages, because they are all newsauthors. And carl and dean can activate either page, because they are news approvers. However, I need to restrict it so that
Of course, news admins continue to have full rights to edit/replicate anything.
Are effective permissions on a page-by-page basis my best bet here?
Views
Replies
Total Likes
Yes. For this complex petmission structure, looks like page by page is way to proceed. However, i will double check this tomorrow,
Views
Replies
Total Likes