Users and Security

Users

Everything about users and security is handled from the “Manage Users” page, which is accessible from a link in the upper right portion of the action bar.

Manage Users Page

From here you can do several important tasks: reset a user's password should someone lose it, activate inactive users, and inactivate active users. In the actions box on the right you can also create new users.

Roles

Users can belong to one or more roles. Each role has rules that grant the ability to perform certain actions either on all content or on certain content. These content- and role-based rules allow you to open up or close down different parts of your site at a very fine-grained level.

Granting and Revoking Roles

First, roles can only be granted and revoked by members of that role who have the grant option. If you create a role, you are automatically given the ability to grant and revoke that role, edit its rules, and delete it. There are two ways to grant a role to a user. The first is the “Grant / Revoke Roles” menu on the manage users page. The second is the “Users” accordion on the manage roles page. In that section you can see all the users who have been granted the role, and give or take away the grant option. The last user with the grant option cannot have the grant option removed, as this would prevent anyone from being able to edit or grant the role.

Editing Roles

To modify roles, click on the Manage Roles link in the actions box to the right of the manage users page. This will open the manage roles page, where you can edit existing roles and create new roles.

Manage Roles Page

On the right of the manage roles page there is a box labeled “Editable Roles” that contains all the roles on your system. Clicking on a role will load the role into the rest of the form. There are two parts to a role: the rules that determine which actions the role allows its users to perform, and a list of users that have the selected role. The first save button simply saves the name of the role. To add a new rule to a role, you must first have saved the role, then click the “New Rule” button. Deleting a role cannot be undone, so be careful.

By default a rule applies to all content. If you would like to select some content to grant additional privileges, click “Select Content” to open a dialog which will allow you to search for a piece of content. If you would like to expand the rule so it applies to all content, simply hit clear. If the “Cascade” check box is selected, the rule applies not only to the selected content but to all its children as well. The edit select switches between the four main groups of actions. System Actions and User Actions only make sense at a system-wide level, so they are only available when no content is selected. Nothing is saved for a rule until you hit the save button. You cannot undo deleting a rule, so delete with caution.
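The scoping behaviour described above (all content by default, one selected item, or the item plus its children with “Cascade”) can be modelled as follows. This is an added example, not Groupy's own code: the `Rule` class, the content tree and the “Blog Editor” role are hypothetical, and it assumes rules only ever add privileges, as the text describes.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed content tree: child id -> parent id (None marks the root).
PARENT = {"site": None, "blog": "site", "post-1": "blog", "docs": "site"}

@dataclass(frozen=True)
class Rule:
    actions: frozenset             # action names from this page, e.g. "View"
    content: Optional[str] = None  # None = rule applies to all content
    cascade: bool = False          # True = also applies to all children

def rule_covers(rule, content_id):
    """Return True if the rule's scope includes content_id."""
    if rule.content is None or rule.content == content_id:
        return True
    if not rule.cascade:
        return False               # scoped to one item, children excluded
    node = PARENT.get(content_id)
    while node is not None:        # walk up towards the root
        if node == rule.content:
            return True
        node = PARENT.get(node)
    return False

def is_allowed(roles, action, content_id):
    """Allowed if any rule of any held role grants the action on this content."""
    return any(action in r.actions and rule_covers(r, content_id)
               for rules in roles.values() for r in rules)

# Constructed roles: Public may view everything; the hypothetical
# "Blog Editor" may edit the whole blog subtree but delete only the
# blog group itself, because that rule does not cascade.
ROLES = {
    "Public": [Rule(frozenset({"View"}))],
    "Blog Editor": [Rule(frozenset({"Edit", "Publish"}), "blog", cascade=True),
                    Rule(frozenset({"Delete"}), "blog", cascade=False)],
}
```

The non-cascading Delete rule is the case to watch when reviewing a role: it covers the selected group but none of the content inside it.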

System Actions

Configure System: Gives users access to the “Configure System” page. Users with this permission can break your system by entering incorrect database information, and can see database passwords, which lets them view your entire database.

ConfigurePlugins: Allows users to configure and install plugins.

ImportExport: Allows access to the import export page, where users can retrieve an XML dump of the entire system as well as bring in new content and comments (as drafts) by uploading XML files.

User Actions

CreateUser: Create a new user.

ActivateUser: Activate a new user or a user that has been deactivated.

ResetPassword: Reset a user's password.

EditRole: Allows you to edit roles. Be very careful with this. Anyone with this permission and one role for which they have the grant option can give any permission to any registered user. Users can only edit roles for which they have the grant option.

CreateRole: Create a new role. Again be careful with this one.

InactivateUser: Deactivate a user.
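The warnings on EditRole and CreateRole above suggest a periodic review of who holds them. The following is an added example, not part of Groupy: it assumes you have listed role rules and role grants by hand from the manage roles page into the structures shown, and the user names and the “Moderators” and “Onboarding” roles are constructed.

```python
# Constructed sample data. Action names are the ones documented on this
# page; users and the "Moderators"/"Onboarding" roles are hypothetical.
ROLE_ACTIONS = {
    "Publisher": {"Publish", "Edit", "Delete", "Undelete"},
    "Moderators": {"ApproveComment", "DeleteComment", "EditRole"},
    "Onboarding": {"CreateUser", "ActivateUser", "CreateRole"},
}
# (user, role, has_grant_option)
GRANTS = [
    ("alice", "Publisher", True),
    ("alice", "Moderators", False),
    ("bob", "Moderators", False),
    ("carol", "Onboarding", True),
    ("dave", "Publisher", False),
]

def audit(role_actions, grants):
    """Return {user: finding} for users whose role mix needs review."""
    actions, grantable = {}, {}
    for user, role, grant_option in grants:
        # A user's actions are the union over every role they hold.
        actions.setdefault(user, set()).update(role_actions.get(role, set()))
        if grant_option:
            grantable.setdefault(user, set()).add(role)
    findings = {}
    for user, held in sorted(actions.items()):
        roles = sorted(grantable.get(user, ()))
        if "EditRole" in held and roles:
            # The combination this page warns about: the user can edit
            # the rules of a role they are also able to hand out.
            findings[user] = "EditRole + grant option on " + ", ".join(roles)
        elif "CreateRole" in held:
            findings[user] = "CreateRole"
    return findings
```

In the sample data, alice is flagged even though no single role gives her both halves: EditRole comes from one role and the grant option from another, while bob holds EditRole without any grant option and is not flagged.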

Content Actions

View: View content.

ViewVersions: Access to the “Versions” page, which shows all versions of content, including past versions, drafts, and other languages.

Edit: Edit content.

EditImage: Use the image editor.

EditGroup: Edit a group in the basic edit form.

AddContent: Add content to a group.

ManageContent: Access to the manage group page which allows you to reorder content and make duplicates.

EditAdvanced: Access the advanced edit page for groups. This allows you to open comments and change the appearance of a group.

Publish: Make content visible to everyone with the proper permissions.

DiscardDrafts: Discard all unpublished versions of content.

Delete: Move content to the trash.

Revert: Make a previous version of content the currently published version.

Undelete: Remove content from the trash.

Purge: Completely remove content from the system after it has been deleted.

Comment Actions

ViewComment: See comments.

Comment: Add a comment to content.

ApproveComment: Make a comment visible to all users.

DeleteComment: Delete a comment.

Predefined Roles

There are three special roles built in to Groupy that work somewhat differently from other roles.

Public

The Public role is automatically granted to everyone who visits your site. You can modify this role so that only certain sections of your site are visible to visitors or, for instance, allow visitors to comment on parts of your site. Only administrators can modify this role.

Registered User

The Registered User role is automatically granted to every registered user on the system. By default registered users can comment on content and view all the various versions of a piece of content. Only administrators can modify this role.

Administrator

The Administrator role is automatically granted to the first user that is created when you set up Groupy. It is unique in that you cannot edit its rules. The Administrator role can always do every possible action defined by the system.

Publisher

There is nothing really special about this role. It can be edited and granted like any other role, but it is nonetheless useful for running any multi-user site. By default, publishers can publish, edit, delete, and undelete any piece of content, as well as approve and delete any comment.