extending user rights

Hi

I am developping a plugin which has to differenciate users in categories. I do not talk about difference between admin/user/guest but give more detail to the user. For exemple user can be : basic user, or silver user, or gold user or platinum user. Each sub category can access to differents plugin depending of the category.

I imagine that a good way is to extend the elgguser object, but I am not sure. can you help me ?

thanks

  • Jylocasin, a better aproach (IMHO) should be create a roles table, with the user types, and link one or more roles to each users. In a datamodel, should be something like this:

    [roles]

    roleGuid

    roleDescription

    [rolesByUser]

    roleGuid

    userGuid

    I do have plans to create a granular security framework for ELGG, and your plugin could be the basis for it. I have similar solution, but in .NET. :)

  • More interesting yet would be to look at elgg users as entities. They have a blank subtype because they are not objects. Has anyone considered working with this to develop a roles system?

  • Trajan,

    In a roles system users often have multiple roles.

    I think that relationships might be a better tool for a more granular permissions system.

    I've often wanted to develop one for Elgg but no one client would fund it by themselves and no group of clients could agree on how it should work!

    Kevin

  • @Kevin,

    am I right in thinking that subtype cannot be an array then?

  • SubTypes on the DB is an integer --
    cannot store an array in there.

    On the other side -
    For 'Roles.Permissions' User Types could be defined (design-wise) as arrays  --
    for matching on entities by particular SubTypes - and then further processing..

    We have implemented 'Roles' for individual PlugIns (Profile)
    to manage special activity by Users
    depending on the (whatever) defined User Types -
    e.g. (hypothetical examples ) Teacher, Student, etc.

    Elgg <=.1.7 had some design 'gaps' that might have made
    implementing Roles/ Permissions harder,
    but I believe that Elgg.1.8's design has fiilled those gaps
    and so a genberalized Roles/ Permissions mechaism
    will be easier to implement now.

  • Hi guys,

    Thanks for the discussion. It seems that the "role" question is blank for the moment. Will try 2 ways:

    1) creating a class derivated from ElggUser,

    or

    2) adding a field in the user profile, which could be more simple and flexible.

    I am trying today. Other ideas are still welcome.

     

  • @Jylocasin: Spend a few hours and try to assign a user to multiple roles. In the future you will thanks me. :)

  • Imho, user subtypes could work in an hierarchical role system, which would make sense in Elgg's action context. I think that's one of the approaches I will attempt to explore in hypeApprove for 1.8

  • I created the ScopedRole library with the hope that it could be used to create a role system in Elgg (or other frameworks that lack it). You could associate users with different roles in different contexts, like a site or a particular group.

    The hard part is combining role querying with the existing ACL system. Given a list of entities from a get_entities query, you'd have to do quite a bit of querying if your view had to optionally show an edit button.