All applications of this type have roles and I have noticed over many years a reluctance from developers to make too many roles or make the role system too complex. In more recent times there has been a move from many applications (Joomla is a good example) to allow for a far more fine-tuned approach to roles, admitting, perhaps, that in its initial design, the core functionality cannot and should not predict how or why an administrator wants the site to work in any particular way.
With my experience so far of Elgg (and I admit that I am probably missing many tricks) I have missed being able to create specific roles that are assigned very specific permissions. With Liferay it is possible to define multiple roles and to associate those roles to one or many portlets (Liferay plugins).
For example, every new instance of their forums can be set up to allow whether a specific role can post, read, edit, moderate, upload images, add attachments and so on. So, for communities (their versions of groups) you can create several layers of members in addition to the community owners, admin, moderators and so on, and then define what each of those can do on a community by community basis.
You can also decide which roles have access to which application (and to what level) on a sitewide basis that cannot be overruled by any local changes.
When setting up a system, therefore, if you wish you can carefully construct as complex a hierarchy of roles as you need, or you can just use the default ones which are pretty good already.
Translating that into Elgg, I would see it working in the following way:
The creation of clearly labelled default roles (some of these exist already, obviously)
Global Roles - The Management!
Group Roles - from the user community
General Roles
All of these roles can be fine tuned and additional roles can be created that have very specific privileges. For instance a group may set up two forums - one can be seen by guests, the second cannot.
When creating a complex role system such as this, it is important to give careful thought to the DEFAULT position. Programs such as Elgg must be as useable as possible out of the box and users will not want to have to mess about with basic settings just to get a site going!
Role Templates
Role templates are effectively SQL inserts that create a certain type of community. These would have preset settings for the default roles as well as any additional custom roles. These can be “installed” by the superadmin through the admin interface. Equally, a superadmin can export their particular set up for others to use.
This is especially useful for first time users who can use a role template to create one of a number of standard communities (completely private to all-together-and-pray-it-works) before they then start to fine tune.
Standard Role Interface
Every plugin would, by default, use exactly the same role interface. This is vital so that whatever third party plugin is used, the way it is set up is recognisable and familiar. A Plugin Development Pack would contain the backbone permission and role system for developers to use.
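The sitewide-versus-local rule and the default position described in the post above, as an added sketch that is not part of the original post and is not Elgg or Liferay code. The role names, action names, `RolePolicy` class and sample group are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Hypothetical action names, taken from the forum permissions the post lists.
ACTIONS = {"read", "post", "edit", "moderate", "upload_images", "add_attachments"}

@dataclass
class RolePolicy:
    site_ceiling: dict[str, set[str]]  # superadmin: the most each role may ever do
    defaults: dict[str, set[str]]      # out-of-the-box permissions per role
    local: dict[tuple[str, str], dict[str, set[str]]] = field(default_factory=dict)

    def grant(self, group: str, forum: str, role: str, actions: set[str]) -> None:
        """Group-level setting for one role on one forum (replaces the default)."""
        unknown = set(actions) - ACTIONS
        if unknown:
            raise ValueError(f"unknown actions: {sorted(unknown)}")
        self.local.setdefault((group, forum), {})[role] = set(actions)

    def allowed(self, role: str, group: str, forum: str, action: str) -> bool:
        ceiling = self.site_ceiling.get(role, set())  # unknown role: deny all
        overrides = self.local.get((group, forum), {})
        wanted = overrides[role] if role in overrides else self.defaults.get(role, set())
        # Local settings can narrow the sitewide ceiling but never widen it.
        return action in (wanted & ceiling)

def demo_policy() -> RolePolicy:
    """Constructed sample data: one group with a public and a members-only forum."""
    policy = RolePolicy(
        site_ceiling={"guest": {"read"},
                      "member": {"read", "post", "upload_images"},
                      "moderator": set(ACTIONS)},
        defaults={"guest": set(), "member": {"read", "post"},
                  "moderator": {"read", "post", "edit", "moderate"}},
    )
    # Group owner opens the public forum to guests and tries to let them post too.
    policy.grant("gardening", "public", "guest", {"read", "post"})
    return policy

if __name__ == "__main__":
    p = demo_policy()
    for forum in ("public", "members"):
        for action in ("read", "post"):
            print(forum, action, p.allowed("guest", "gardening", forum, action))
```

The guest can read the public forum, but the group owner's attempt to grant posting is capped by the sitewide ceiling, and the members forum falls back to the default of no guest access.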
I have noticed an old discussion about roles here:
http://community.elgg.org/mod/groups/topicposts.php?topic=235673&group_guid=212846
The problem with roles being handled by a plugin rather than being worked in as part of the core is that it does not force other plugins to respect and use those roles.
As part of the core, all plugins would benefit from the expanded role system and their developers would be provided with an API and templates so that they can include the role control panel into the various elements of their plugin.