Hi, If we define a permission as Super Friends can comment on a Mashup, then non-super-friends cannot. What is the difference between non-super-friends and blocked people?
Or it like this? By default all people can comment on Mashup, except blocked people? So for commenting Mashup server will check isDenied(mashupX, userY) ? Should user manager offer both scenarios and Mashuppers will pick one of them at the development time? Thank you, Dimuthu Jonathan Marsh wrote: > Jonathan Marsh - http://www.wso2.com - http://auburnmarshes.spaces.live.com > > > >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> On Behalf Of Dimuthu Leelarathne >> Sent: Friday, September 26, 2008 5:07 AM >> To: [email protected] >> Subject: [Mashup-dev] User Permission Case Study >> >> Hi all, >> >> I have picked Mashup Server to be one of my case studies to study >> permissions on WSO2 products. >> >> I talked to Keith as my first resource person. Here is the list I >> came up with. >> >> Please help me to improve it. >> >> >> Permissions >> 1-Tag >> 2-Comment >> 3-Rate >> 4-Edit Mashups >> 5-Upload Mashups >> 6-Create a user group using other Mashup Users >> 7-Assign "Friends" role to user group >> 8-Assign "Super Friends" role to user group >> 9-Assign 1,2,3,4 and 5 above permissions to user group >> 10-Add/Edit/Delete users >> 11-Admin role become a normal user >> 12-Normal user become an admin role >> > > Maybe better stated as > 11-User with Admin privileges can act as a Normal user (e.g. suspend their > Admin privileges.) > 12-User with Admin privileges can restore their Admin privileges. > > Maybe this concept of "suspending/restoring" a role's privileges should be > generalized - are there scenarios where I am Joe's "Super Friend" but only > want to act as a normal user? > > We also have an anonymous user who only has permissions to view. It's > possible we could limit that permission in the future too (e.g. limit source > code access only to registered users.) > > We haven't thoroughly thought through "Friends" or "Super Friends" roles, > but we also might want a "Blocked" role, to prevent somebody who has posted > abusive comments from continuing to do so. > > > > >> Roles >> Super Admin - all 12 permision on all resources >> Mashup Users - all first 9 permission on their resources >> > > A mashup owner also has the permission on the mashups they own to delete > tags and comments made by other users. In general the permission to tag and > comment are not identical to the permissions to delete tags and comments. > If you authored a tag or comment you can delete it. If you own the resource > being tagged or commented, you can delete other people's comments. If > you're an admin you can delete tags or comments anywhere. > > >> Friends Role - user defined set of permissions out of 1,2,3,4 and 5 >> Super Friends Role - user defined set of permissions out of 1,2,3,4 and >> 5 >> >> Further more, >> Admin username/password should not be hard coded. >> > > We collect this information on first run, which is a good practice. > > >> Thank you, >> Dimuthu >> >> _______________________________________________ >> Mashup-dev mailing list >> [email protected] >> http://mailman.wso2.org/cgi-bin/mailman/listinfo/mashup-dev >> > > > _______________________________________________ > Mashup-dev mailing list > [email protected] > http://mailman.wso2.org/cgi-bin/mailman/listinfo/mashup-dev > > _______________________________________________ Mashup-dev mailing list [email protected] http://mailman.wso2.org/cgi-bin/mailman/listinfo/mashup-dev
