Setting User Permissions
This is from the website design spec, but it hasn't been addressed yet and is becoming important. I will set this forum post to TdB members eyes only. Basically, I need the Clann to decide how this should be handled because handling permissions is granting me big powers, and yet I am not holding any office at this time and so these powers are un-regulated.
3. Controlling Access
I've come up against one issue that I don't know how to handle. When someone signs up on the site (today was Dairchan), I don't know what permissions to grant. For instance, I think he is still probate status - but since I didn't have group called probate (what would they not be able to do on the site that a member can, or more than a Friend, or an Authenticated user from Norseland, or an anonymous user? You see my point I think. And I am assigning him the permissions, so I need a list of folks and who are members, probates, friends and who aren't.
- Printer-friendly version
- Login or register to post comments
Point well taken. For
Point well taken. For instance, I'm allowed to make comments but can't actually post (start) any topics. Which is less access than what I was allowed under the Yahoo group.
In fact, now that I've
In fact, now that I've actually posted a comment, I've also discovered that I'm further limited because all my comments have to be approved first.
Wrong settings
I had a couple of things set up incorrectly! I think authenticated users should be able to create new topics, and post comments without approval as is the case on Yahoo. However, anonymous users should not be able to start topics, and their comments should be moderated. I have changed the settings and you should be good to go now. Sorry!
another error
The other thing I had wrong was TdB Member access. At first I didn't realize this was broken, then I noticed that Gobae was replying to a post that I had set as viewable only to TdB Members which he shouldn't have been able to see in the first place. :( I found the setting I had wrong, and fixed it - but then I realized that Gobae wouldn't be able to see the posts he had just made anymore! It would be like the 'dropped cell phone call' commercial where the guy hears silence on the other end... so I have set this topic as viewable by all so he won't think I never approved his comments. This is the only way stuff will get sorted out here though, if we start trying to use it!
user list
While fixing the above errors, I also re-enabled the user profile listing for authenticated users. Now authenticated users will see the users link at the top right of the page like TdB Members and Friends do. This list doesn't show private personal information, just the stuff set as Public. Previous discussions here with Guthrum led me to believe that we shouldn't include the real name in the Public profile info.
perms change
I had second thoughts about allowing anonymous users comment rights, even if they are moderated. Allowing this I think will not encourage folks to register on the site because it will be possible to comment, and only those paying attention will notice the message that says that the post they just made is awaiting approval. Also, it won't be long with this setting before I am inundated with a long list of spam awaiting approval. Better, I think, to leave commenting for authenticated users only. Anonymous users can still *view* comments (that aren't set for TdB members or friends only)
sounds good.
I think you made the right decision.. those interested enough to comment should join the site and i dont think you should be burdened with the tedium of aproving anonymous comments from outer space.
time better spent on content.
question & quorum
My main concern remains unanswered however, and perhaps can be dealt with at the meeting: I am currently the one who approves folks and sets their permissions. I need an official list of current member standings so I can set them appropriately. Is there an official list that is kept?
Perhaps this should be a new page (perhaps called 'The Quorum Page') where we keep a list of who counts as quorum, who is inactive, etc. I think I can make a new 'role' called Secretary or something and set that page to editable by whoever is the Secretary (and maybe the Chieftan) so it can be kept up to date online. This page could be set as viewable only by TdB members. [This is a similar idea to having a 'Treasury' page as discussed previously here]
What is the differance
What is the differance between and authentacated user and I friend? It seems like member would be any member active or inactive, and probates. The only differance between inactive members and active is paying dues and voting.
user classes
There are two built-in user classes:
In addition to this, there are two roles set up:
If an authenticated user is a TdB member I check a box in their profile for 'TdB Member', if an authenticated member is an official Friend, I check a similar box for 'Friend'. This means that things can be posted to the site and set for
This should provide more control over content that we had at the Yahoo Group since if you registered with the Yahoo Group, you had the same access as any other user.
We are still in the process of designing this system of permissions and things may change.
Thank you very much. I
Thank you very much.
I wasn't going to say anything since a) I tend to quiet anyway b) I'm a guest here so your rules go.
But since the topic was brought up I thought I'd just give a heads up about my permission settings.
rules shmules
As you may have already surmised, our website rules (such as they are) are in a constant state of flux, and not very well tested. I appreciate your input! The Clann Laws however are carved as Ogham in stone and anything we do here should not be allowed to trump the wisdom of our Fili.
Wisdom? Fili? I don't get it?
I just see that as far as the website goes, a friend could be anyone, but that doesn't give them any "rights" with the clan. That is a voted on honor.
As far as photos go, how about any member can post any photo he or she wants, but it is only viewable if you are signed on as a member. Then there are other photos that anyone can submitt, but they would be viewable by anyone, but would be approved by the webmaster for content. Example: I post a photo of myself taking a shower. I'm saying that any member can view it (at their own risk). No one else may. I'm joe public and I submitt a photo of pensic war, it goes on a differnt page/folder where anyone can see it, but only after it is approved for content.
Fili, Friends, Fotos
I refer you to the Laws themselves for clarification on the Fili's responsibilities. I offered the comment as an attempt at in-period speech honoring the various persons responsible for keeping the Laws over the years, though we all know the laws were actually crafted by consensus of the Clann as assembled at past meetings and not really just handed down from our ancestors.
Actually being an official friend *does* give you a right normal users of this site might not have. I refer you to the Laws on Classification for an enumeration of those rights.
Photos:
Friends
There are a lot of people who are not official friends of the clan, but are our friends. Take any of the members of Estmar. They might get on our website and share pictures. That would be great. They aren't official friends, but we have very good relations. Does that give them carte blanc? no. It would mean that any photo would be approved before it got posted for public viewing. I don't think we sould mix too much the website friends and the official freind of the clan, or FOC for short.
friends are for the weak
In all the years of the Yahoo list I've never seen anyone 'drive by' to the group and upload images, but I suppose it could happen.
Since I personally approve any new person signing up on the site, how am I to tell at that time who is a friend (little "f" = people we know personally) and who is a sleeper-spammer? I don't know everyone you all know, and I don't even know the real name or email address of many people I've known for years in this hobby. I might only know their medieval name! Perhaps we could just expand the definition of Friend (big "F" = user access class) to include all people that we know are real people since we have talked to them or met them at an event? We would need to work out a more formal procedure the Clann could use to monitor this process so that it's not Comyn acting in a vacuum approving people he likes and dissing people he doesn't - or, at least then so that friends (little "f") don't fall through the cracks and can't participate because Comyn never set the user access properly.
unofficial friends
Having had to deal with this some more, I totally agree with Guthrum's statement above. The 'website role' called 'Friend' now means any authenticated user of the site that we actually KNOW and want to be able to access more of the site. Gobae has been set as a 'Friend' on the site so he can view threads like this one, even though he isn't an 'Official Friend of the Clann'. They are different things - one having to do with online stuff and the other having to do with rights at an event.
New users
Basically, what hasn't been answered yet for me is this:
I don't know everybody that you all know, so it's difficult for me to decide what to do when somebody I don't recognize applies for an account here without checking them out with everyone. This slows up the process, and some people get discouraged and give up if they don't get an immediate email back and just never come back to the site (I've done this myself, so I know it happens). Example of the problem: In the case of one user of this site the person had an account on our Yahoo list *and* Norseland too, so I just figured you all knew who that person was - then I found later *nobody* knew the person!
In the past, to deal with new people, I've sent an email to Aonghus, or Colin asking if they know who they were. I would *really* like to craft a standard welcome challenge email that we all agree on that I can send to new folks so they know they have to state who they are (Akin to a "what is your lineage!") or who they know in the group before acceptance. That would put the onus back on them to respond and they wouldn't be hanging around waiting on me to investigate them. Alternately, we can just accept anyone as an authenticated user, but then give special permissions to people we know (that's pretty much what I've been doing). That way new people from other parts on the country can participate in the forums, but we can still hide stuff to only TdB members if necessary. (Like this forum thread :)
I like the idea of a stock
I like the idea of a stock email that goes back to them asking who they know that introduced them to our site.