Structuring User Groups Permissions to Accommodate User Facing Site Permissions
Currently, the Groups permission management tool in Admin Panel exclusively provides permissions/access to features and data within the Admin Panel. If a user has a permission like Translation, but doesn't have access to the Admin Panel, they are not able to do anything with Translations.
The Community Comment Moderation tool on the user-facing site allows users to manipulate objects in the Community Comment Moderation model. This should only be accessible to certain users.
This creates some complication/confusion as the Groups permission tool is currently the only place to provide user-level permissions, but is also so far exclusively focused on adding permissions that are used within the Admin Panel. It's also the case that the user-facing site reveals less data from the model and has fewer functions to manipulate the model's objects.
This creates a scenario where if a user has access to the Community Comment Moderation model, they can see some data and perform some manipulations on the user-facing site - but if they are also given Admin Panel access, they can now see more data and perform more manipulations.
That greater level of access happens without any change in the user's permissions for the Community Comment Moderation. This is unique within the permissions management, because normally Admin Panel access doesn't provide access to any specific models and there is no reason to give a user permission to a model before they have Admin Panel access.
User stories:
As a PLATFORM ADMIN I want permissions I give to users to provide predictable access to data and functions. I don't want providing permission A to unexpectedly also give more access to model B. The exception here would be Admin Panel access, which has until now been a clear prerequisite to access any data or features from other models.
As a PLATFORM ADMIN I want a consistent and easy-to-understand framework for permissions. I want it to be very clear whether I am giving a user a permission on the user-facing site, or the Admin Panel.