Users

      root permissions

      admin permissions

      librarian permissions

      human permissions

      robot permissions

    Modes

      private

      blog

      modwiki

      openwiki

Users

Permissions are global and if the same user can login on different sites, it will have the same role. If you trust the user on one site, but not on another, then create another user with a different username.

If a logged in user update the language, all the sites on the same instance will use that language for this user.

We define 5 levels of permissions.

root permissions

The users with root permissions have full access to anything, but most important, they can create new sites, change settings, add templates, etc.. The same login works for all the sites. Given that being able to access the templates means being able to inject code, this role should be reserved to people that know what they are doing and have a shell access.

They don't need to belong to a particular site but in this case they cannot recover the password via mail.

admin permissions

They can change a subset of site settings (notably, the ones which don't require restarting the webserver or shell access) in addition to the librarian permissions (see below). Only a root user can promote an user to admin. Users they create are always librarians (there is an item in the user dropdown menu on the navigation bar).

librarian permissions

Every site can and should have one or more librarians with login. They are able to access the revisions, approve the texts, etc. Special pages are always reserved for them.

They can also create fellow librarians which will share the same privileges. They are peers and they can create peers.

There is an item in the user dropdown menu on the navigation bar for this purpose.

human permissions

This is not strictly speaking a role, because no login is required. Anyway, to access some part of the sites (adding new texts, editing, the bookbuilder), a prove that the user is a human and not a bot is required. This is implemented via a question which the human has to answer. It takes 10 seconds and after that the humanity of the user is not questioned any more. Also, they should have cookies enabled (otherwise we can't store a session for them).

robot permissions

Humans which don't prove to be such and robots can access all the public part, including reading and download.

Modes

Each site can run in one of these three modes, which differ on the privileges granted to the humans. Site modes can be set in the admin, under the General configuration stanza.

private

Only logged in can access texts and the site.

blog

This mode restricts access to the text editing to librarians only. Humans can still use the bookbuilder.

modwiki

This mode is a "moderated wiki". Humans can add new texts and edit them, but approvals and publishing is reserved to the librarians.

openwiki

This mode is an "open wiki". Humans can add new texts, edit them, and the result is published right away. Revisions are kept in the git, so it's always possible to revert to a previous one (but could be complicated and messy). Use at your own risk, but it could make sense as a private wiki or in a LAN.