I believe the authentication is now stable in Photark.
I'm now going to start working on implementing a simple "Role Based
Access Control" next, and
here is the initial approach I have in mind...

I thought of creating some well defined mutually exclusive roles
1. Super admin Role      : has only 1 user (the one who logs in via
FORM authentication)
2. Registered user Role
3. Unregistered user Role : the users who are not logged in.
4. Blocked user Role

And there will be other normal roles which are kind of groups (groupRoles);
these can be created by users in the "Registered user Role" and the "Super admin Role".
e.g.
a RegisteredUser1 in the "Registered user Role" can create a groupRole
called myFriends, add user1, user2 & user3,
and set the myFriends groupRole permissions to allow those users to add/remove
images from AlbumA and AlbumB.

Provided the users user1, user2 & user3 are also in the Registered
user Role, they can execute the given permissions,
and only RegisteredUser1 and the Super Admin have the rights to
view and edit the myFriends Role (its users and permissions).

Each of these roles will have permissions:
1. Super admin Role :
* change users from one role to another (Registered to Blocked and others)
* view and delete all albums, images and album descriptions of all users
* create and manage groupRoles

2. Registered user Role :
* can create an album
* can delete his albums, edit album descriptions and add/remove images
from his albums
* create and manage groupRoles (add/remove users and change
permissions); he can manage only the groupRoles he created

3. Unregistered user Role :
* view albums (only those that give view access to the Unregistered user
Role, i.e. public albums)

4. Blocked user Role :
* same as Unregistered user Role

The roles are arranged in a hierarchy where:
Super Admin Role (top)
Group Roles
Registered user Role
Unregistered user Role
Blocked user Role

The basic permissions for now:
* adding images
* removing images
* creating albums
* deleting albums
* editing album descriptions

I think this model is scalable in the future.
Please do give your thoughts on this and guide me in the correct path.

Suho

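As an added illustration, not part of the post above and not Photark's own code, here is a runnable Python model of the proposed scheme: the four fixed roles, groupRoles with per-album grants, and the permission checks the post describes. The class and function names (`AccessControl`, `is_allowed`, `can_manage_group_role`, `Perm`, `Role`) are my own; it also assumes that the Super admin, at the top of the hierarchy, holds every permission, and that "viewing an album" is a permission alongside the five basic ones. The `demo()` walks through the myFriends example and then shows what happens when the Super admin moves user3 to the Blocked role: the groupRole grant stops applying, because membership only counts while the user is still Registered.

```python
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    SUPER_ADMIN, REGISTERED, UNREGISTERED, BLOCKED = range(4)


class Perm(Enum):
    ADD_IMAGE, REMOVE_IMAGE, CREATE_ALBUM, DELETE_ALBUM, EDIT_DESCRIPTION, VIEW_ALBUM = range(6)


# What a Registered user may do to an album he owns.
OWNER_PERMS = {Perm.DELETE_ALBUM, Perm.EDIT_DESCRIPTION, Perm.ADD_IMAGE, Perm.REMOVE_IMAGE, Perm.VIEW_ALBUM}


@dataclass
class Album:
    owner: str           # user name
    public: bool = True  # viewable by the Unregistered and Blocked roles


@dataclass
class GroupRole:
    creator: str                                # user name
    members: set = field(default_factory=set)   # user names
    grants: dict = field(default_factory=dict)  # album name -> set of Perm


class AccessControl:
    """Policy decision point for the four fixed roles plus groupRoles (hypothetical class)."""

    def __init__(self):
        self.users = {}        # user name -> Role
        self.albums = {}       # album name -> Album
        self.group_roles = {}  # groupRole name -> GroupRole

    def change_role(self, actor, target, new_role):
        # Only the Super admin moves users between roles.
        if self.users[actor] is not Role.SUPER_ADMIN:
            raise PermissionError(f"{actor} may not change roles")
        self.users[target] = new_role

    def create_group_role(self, creator, name, members, grants):
        # Only Registered users and the Super admin create groupRoles.
        if self.users[creator] not in (Role.REGISTERED, Role.SUPER_ADMIN):
            raise PermissionError(f"{creator} may not create groupRoles")
        self.group_roles[name] = GroupRole(creator, set(members), dict(grants))

    def can_manage_group_role(self, user, group):
        # Viewing/editing a groupRole: its creator (while still Registered) or the Super admin.
        role = self.users[user]
        return role is Role.SUPER_ADMIN or (
            role is Role.REGISTERED and self.group_roles[group].creator == user)

    def is_allowed(self, user, perm, album_name=None):
        role, album = self.users[user], self.albums.get(album_name)
        if role is Role.SUPER_ADMIN:
            return True  # top of the hierarchy (assumed to cover every permission)
        if role in (Role.UNREGISTERED, Role.BLOCKED):
            return perm is Perm.VIEW_ALBUM and album is not None and album.public
        # Registered user Role from here on.
        if perm is Perm.CREATE_ALBUM:
            return True
        if album is None:
            return False
        if album.owner == user and perm in OWNER_PERMS:
            return True
        if perm is Perm.VIEW_ALBUM and album.public:
            return True
        # groupRole grants count only while the member is Registered (checked above).
        return any(user in g.members and perm in g.grants.get(album_name, set())
                   for g in self.group_roles.values())


def demo():
    """Constructed scenario from the post: myFriends on AlbumA/AlbumB, then user3 is blocked."""
    ac = AccessControl()
    ac.users = {"admin": Role.SUPER_ADMIN, "RegisteredUser1": Role.REGISTERED,
                "user1": Role.REGISTERED, "user2": Role.REGISTERED,
                "user3": Role.REGISTERED, "guest": Role.UNREGISTERED}
    ac.albums = {"AlbumA": Album(owner="RegisteredUser1"),
                 "AlbumB": Album(owner="RegisteredUser1", public=False)}
    images = {Perm.ADD_IMAGE, Perm.REMOVE_IMAGE}
    ac.create_group_role("RegisteredUser1", "myFriends", {"user1", "user2", "user3"},
                         {"AlbumA": images, "AlbumB": images})
    results = {"member_adds_image": ac.is_allowed("user3", Perm.ADD_IMAGE, "AlbumB")}
    ac.change_role("admin", "user3", Role.BLOCKED)  # Super admin moves user3 to Blocked
    results.update({
        "blocked_member_adds_image": ac.is_allowed("user3", Perm.ADD_IMAGE, "AlbumB"),
        "member_deletes_album": ac.is_allowed("user1", Perm.DELETE_ALBUM, "AlbumA"),
        "guest_views_public": ac.is_allowed("guest", Perm.VIEW_ALBUM, "AlbumA"),
        "guest_views_private": ac.is_allowed("guest", Perm.VIEW_ALBUM, "AlbumB"),
        "member_manages_group": ac.can_manage_group_role("user1", "myFriends"),
        "creator_manages_group": ac.can_manage_group_role("RegisteredUser1", "myFriends"),
        "admin_manages_group": ac.can_manage_group_role("admin", "myFriends"),
    })
    return results


if __name__ == "__main__":
    print(demo())
```

The one design point worth noting is the ordering inside `is_allowed`: the fixed role is checked before any groupRole grant is consulted, which is what makes "provided the users are also in the Registered user Role" hold automatically when a member is moved to Blocked, without having to edit every groupRole that lists him.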