integreat-cms
integreat-cms copied to clipboard
digitalfabrik
[2024-11-07] Finalize permission setting for contact information
Motivation
So far we have kept the new feature contact information only available for CMS Team and Service Team for test purpose by a very strict permission setting. Now we make it available for users.
Proposed Solution
Change the permission setting of the item menu in the navigation bar and eventually add permission checks in the related views.
---- Munincipality users ------------------------------------
| role | view | create | edit | archive | delete |
|---|---|---|---|---|---|
| Management | ✅ | ✅ | ✅ | ✅ | ❌ |
| Editor | ✅ | ✅ | ✅ | ✅ | ❌ |
| Author | ✅ | ✅ | ✅ | ✅ | ❌ |
| Event manager | ❌ | ❌ | ❌ | ❌ | ❌ |
| Observer | *1 | *1 | *2 | ❌ | ❌ |
*1 only if they can edit at least one page *2 only the contacts embedded in the pages they can edit
---- Staff users ----------------------------------------------
| role | view | create | edit | archive | delete |
|---|---|---|---|---|---|
| CMS Team | ✅ | ✅ | ✅ | ✅ | ✅ |
| Service Team | ✅ | ✅ | ✅ | ✅ | ✅ |
| App Team | ✅ | ✅ | ✅ | ❌ | ❌ |
| Marketing Team | ✅ | ❌ | ❌ | ❌ | ❌ |
The principle is "If I can edit at least one page, I can view contacts and create a new one. I can edit the existing contacts that are embedded in the pages I can edit."
The table for munincipality users is made based on this principle. I put ✅ for Marketing Team × View, although they cannot edit anything, becuase it is probably useful for them to "view" as staff.
Delete and archive permissions are given if they can delete/archive pages.
Alternatives
Keep this cool feature a secret among us or allow everyone to do whatever they want to with contact objects.
