Amgine
Just popping in
Posted on: 2002/1/17 3:06
#292201
More and more interested parties are asking about this general issue - across many modules now. If memory serves, expressions of interest cover the forums, downloads, gallery, (the promised) sections, and now the news modules.
It has been demonstrated that hacks can be made to accomplish such access control, but I think it is an important enough issue for the developers to address. Whilst I would not want something like this to significantly delay the release of RC2, it would be nice to see some indication of where this sort of capability fits within their general plans.
As XOOPS matures, capacity for a finer level of access control should be integrated in the very same thoughtful way that the rest of the system has been conceived and developed to date. The product developed to date is very promising for the general portal class site, but integrated, strong, but still easily usable access control will give tremendous power to those interested in providing a multi-tiered or group-specific type service - for which XOOPS already provides a strong foundation.
P.S. - additions below
A corollary of this capability would be that only those topics/modules/forums/whatever a user had appropriate access to would appear to that user - no more 'you don't have permission' messages (sometimes after considerable work)! Users should not even know the stuff they don't have access to actually exists.
Cleverly constructed this would not necessarily impose any extra overhead (site slowdown) because checks for permission are already made - smart db design and querying should not make a sophisticated access checking system onerous on site performance.
Also forgot that jerryj (I think) wanted the capability to restrict certain blocks to certain pages - and potentially to certain users - so this too could be a consideration for an 'access control module'.
It would be nice also to see the capacity for multiple levels of access to be possible, e.g.,:
read < write/add/post/upload < edit < delete
where each level includes the permissions below it.
I know this starts to get quite complicated - and don't just say go use PN - but the XOOPS devs have already demonstrated their prowess in making quite complicated tasks relatively easy for admins to use.
My general proposal - hinted at above - would be that this is some sort of module that those who wanted access control over and above the current default model (which suits many - most?) could activate and configure to suit particular site requirements. Only those who really wanted/needed it would ever have to bother with it.
It would be nice to get some indication of interest in this sort of 'feature set'.
<small>[ Edited by Amgine on 2002/1/16 22:37:11 ]</small>
Re: News / groups / visibility
2002/1/17 3:06 But one should be able to do this ...More and more interested parties are asking about this general issue - across many modules now. If memory serves, expressions of interest cover the forums, downloads, gallery, (the promised) sections, and now the news modules.
It has been demonstrated that hacks can be made to accomplish such access control, but I think it is an important enough issue for the developers to address. Whilst I would not want something like this to significantly delay the release of RC2, it would be nice to see some indication of where this sort of capability fits within their general plans.
As XOOPS matures, capacity for a finer level of access control should be integrated in the very same thoughtful way that the rest of the system has been conceived and developed to date. The product developed to date is very promising for the general portal class site, but integrated, strong, but still easily usable access control will give tremendous power to those interested in providing a multi-tiered or group-specific type service - for which XOOPS already provides a strong foundation.
P.S. - additions below
A corollary of this capability would be that only those topics/modules/forums/whatever a user had appropriate access to would appear to that user - no more 'you don't have permission' messages (sometimes after considerable work)! Users should not even know the stuff they don't have access to actually exists.
Cleverly constructed this would not necessarily impose any extra overhead (site slowdown) because checks for permission are already made - smart db design and querying should not make a sophisticated access checking system onerous on site performance.
Also forgot that jerryj (I think) wanted the capability to restrict certain blocks to certain pages - and potentially to certain users - so this too could be a consideration for an 'access control module'.
It would be nice also to see the capacity for multiple levels of access to be possible, e.g.,:
read < write/add/post/upload < edit < delete
where each level includes the permissions below it.
I know this starts to get quite complicated - and don't just say go use PN - but the XOOPS devs have already demonstrated their prowess in making quite complicated tasks relatively easy for admins to use.
My general proposal - hinted at above - would be that this is some sort of module that those who wanted access control over and above the current default model (which suits many - most?) could activate and configure to suit particular site requirements. Only those who really wanted/needed it would ever have to bother with it.
It would be nice to get some indication of interest in this sort of 'feature set'.
<small>[ Edited by Amgine on 2002/1/16 22:37:11 ]</small>
