[Enhancement]: Support for a Content Administrator Role

[mitchelsellers]

trafficstars

Is there an existing issue for this?

• [X] I have searched the existing issues

Description of problem

Currently, in the DNN Platform, there is support for a system Administrators role, which grants Portal Specific administrative permissions. Users in this role have full access to the content within the selected portal to administer Pages, Files, Users, Settings, SEO, and other elements.

For many users the concept of a Content Administrator would be helpful. The goal would be to establish a user role that can have the following behavior.

• The ability to add/edit/delete ANY page on the site
• The ability to add/edit/delete ANY module on the site
• The ability to access the PersonaBar Pages Module, with full access
• The ability to access the PersonaBar Recycle Bin Permission, with full access
• The ability to access the PersonaBar Site Assets menu item, and associated page
• The ability to administer ALL folders/files within the portal

This should be treated as a system role/assignment just like "Administrators" are.

Description of solution

This will require several changes, however, manual database changes can make most of the process work, the following outline the changes that have been done on a 9.11.2 site to validate the functionality and the requisite changes necessary to support it.

Persona Bar Changes

Minimal changes are needed for the PersonaBar, simply adding PersonaBarMenuPermission values for View/Edit to the 4 menu items involved (Content, Manage, Pages, and Site Assets) for the role of choice worked. This is a total of 8 permission values inserted.

Resource Manager & Resource Manager Settings Changes

The resource manager respects folder permissions, globally adding the role to the same permissions as Administrator worked, however the following changes would need to be validated.

• New folders must ALWAYS have Administrators and 'Content Administrators` added to them
• Users must not be able to remove permissions for either of the above listed roles.

Extensions Permissions

Currently any installed DesktopModule has Can Deploy permissions automatically added to the Administrators role, this should be updated to also be automatic for the Content Administrators role.

Discussion Point It MAY be acceptable to allow permissions to be un-set for a Content Administrator after automatic creation to give the best long-term flexibility.

Tab/Module Permissions

The final step in creating this functionality is to ensure that the Content Administrator Role is added with View/Edit permissions to ALL Tabs and All Modules on the site. This can be done now manually via SQL but the desired change should ensure.

• All new pages must have Administrators and Content Administrators with the same forced, non-editable permissions
• Page Permission grid should not allow unselection of the permission for Content Adminitrators
• Module permissions should be similar to that of Tab, with default permissions inserted for ALL content administrators.

Description of alternatives considered

Users can be granted admin access, however, it gives them a much more elevated level of access.

Anything else?

I have SQL script documentation of two examples validating the "it works but it could be broken" situations. I may be able to help fund the implementation of this item

Do you be plan to contribute code for this enhancement?

• [ ] Yes

Would you be interested in sponsoring this enhancement?

• [X] Yes

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

[WillStrohl]

Love this issue! We were talking about this a lot at DNN-Connect. 😎

[david-poindexter]

Great @mitchelsellers - definitely interested in this solution and would be willing to work on it.

[mitchelsellers]

I think the biggest point right now is trying to figure out some of the logistics of how/where this would need to be changed.

I know already that the process in some of the internals would need to be updated specifically PagesControllerImpl.cs and BulkPagesController.cs.

But what I don't know is how/what drives the permission grid behaviors that we need to restrict, if anyone knows anything about those areas and has a little time I'd love to try and review. If I can get an idea of how much time I think I can get this one sponsored.

[BravoSierra]

This is an excellent idea. To avoid confusion with 'admin', the role name my be Alfresco convention, collaborator or contributor, or author?

In the Alfresco ECM (Enterprise Content Management) platform, there are several predefined roles available to manage permissions and access rights to content. Here are some commonly used roles in Alfresco:

Owner: The owner of a content item has all rights over that content, including the ability to modify permissions, delete, and move it.

Collaborator: A collaborator has the right to create, modify, and delete content, as well as view and share it with other users.

Contributor: Contributors can create, modify, and delete content, but they do not have the right to share the content with other users.

[valadas]

I am willing to help on this for the frontend module, etc. I don't know the inner workings but happy to help as I can...

[mitchelsellers]

After conversation at the TAG meeting about this post - https://github.com/dnnsoftware/Dnn.Platform/pull/5118

This may be possible with "Portal Permissions" with the existing Page Admin permission and a newly added one for file management.

THEN any role that is granted access to "Page Admin" we automatically add them to the persona bar for Pages, Content, and Recycle bin.

Then any role that is granted access to "File Admin" we automatically add them to the persona bar for Manage, Site Assets, AND the site assets