Role Administration Questions

If you have questions about using mojoPortal, you can post them here.

You may want to first review our site administration documentation to see if your question is answered there.

This thread is closed to new posts. You must sign in to post in the forums.
5/22/2009 5:49:13 PM
michael.jew
Gravatar
Total Posts 26
View Posts

Role Administration Questions

Hello Joe,

 

QUESTION: Would you please expand upon these four roles?

  • Administrators
  • Authenticated Users
  • Content Administrators
  • Role Administrators

I've read: http://www.mojoportal.com/rolesandpermissions.aspx, but I'm not sure if it's accurate.

SUB QUESTIONS
a) It seems that Administrators have acccess to absolutely everything. If this is true, why isn't the Administrator checked box 'checked' under the tabs: "Roles that can view this page", "Role that can edit this page", "Roles that can create pages below this page". Am I correct in understanding that choosing the Administrators checkbox is unproductive.

b) Content Administrators, in the article, says that they,"can change site settings except security settings". I don't think that this is true in my tests--they do have access to the Security Tab.

c) In the article, Content Administrators, "can view any page in the site regardless of permissions except pages with Admins". My tests show that this is true, however the ability to navigate through the menu to reach those pages isn't possible.  is this right?

d) Roles Administrator is given access to only two new menus, "Role Administration", "Member List". Is this right?


I'd love to your feedback.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

BTW, I've read the following too:
http://www.mojoportal.com/Forums/Thread.aspx?pageid=5&mid=34&ItemID=7&thread=893&postid=3873

thank you,
Michael
 

5/23/2009 6:57:34 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Role Administration Questions

Hi Michael,

I've updated the page here tomake it a little more clear.

http://www.mojoportal.com/rolesandpermissions.aspx

Administrators can view everything regarldess of whether the role for Administrators is checked, so there is generally no need to check that role as allowed. The only special case where it is useful is if you want to create a page that the Content Administrators cannot edit. If you explicitly set the view permissions to only the Administrators role, then no-one else can see it including Content Administrators. So we purposely don't check it by default and checking it alone has special meaning and purpose.

b. You are correct, I just reviewed the code and I consider it a bug, because some of the security settings were editable by Content Administrators. I have fixed it in my copy so it will be fixed soon in svn trunk and in the next release. They will be able to set some things under security like Captcha settings.

Role Administrator can manage roles and role membership with some limitations as indicated in the document. He can see a link to the member list but actually it is possible to block his access to the page itself, he does not need that page to manage role membership. Who can view the member list is controlled by a config setting <add key="RolesThatCanViewMemberList" value="Authenticated Users" />

Hope it helps,

Joe

5/23/2009 7:14:21 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Role Administration Questions

I just tested locally and when I signed in as a user in the Content Administrators role I was not able to see the security tab in Site Settings. My previous code review showed some settings are saved outside of the if (isAdmin) and this led me to believe there was a bug where Content Administrators could change security settings but it does not appear true in testing it.

If you change a user's role membership it does not take effect until the user signs out and back in again. So in your test if the user was in Admins role and you removed him and put him in Content Administrators then if he was signed in and never signed out he is still in Admins role and would see the security tab.

Best,

Joe

5/26/2009 11:35:49 AM
michael.jew
Gravatar
Total Posts 26
View Posts

Re: Role Administration Questions

Hello Joe,

Thanks for taking the time to answer my questions.  And improve the Role article too.

In your answer b, you said...

"b. You are correct, I just reviewed the code and I consider it a bug, because some of the security settings were editable by Content Administrators. I have fixed it in my copy so it will be fixed soon in svn trunk and in the next release. They will be able to set some things under security like Captcha settings."

And then later you said,

I just tested locally and when I signed in as a user in the Content Administrators role I was not able to see the security tab in Site Settings. My previous code review showed some settings are saved outside of the if (isAdmin) and this led me to believe there was a bug where Content Administrators could change security settings but it does not appear true in testing it.

 

This morning, I didn't sync from the mojoPortal SVN branch because it sounds like you don't believe a bug exists... so I tried again.  Even when considering the sign-out, sign-in rules you told me about, a user that I created that is only in the Content Admin Role has access to the Security tab on my machine. :(  Thus, to me, it appears that the bug still exists.

 

5/26/2009 11:50:44 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Role Administration Questions

can you produce the problem on demo.mojoportal.com?

ie login as admin, create a new user and put him the Content Administrators role, sign out and then sign in as the new user in Content Admins role.

If you do that and you confirm that you do see the security tab I will pursue it as a bug. When I tried it on my local machine I did not see the security tab.

Best,

Joe 

5/26/2009 12:09:33 PM
michael.jew
Gravatar
Total Posts 26
View Posts

Re: Role Administration Questions

Hello Joe,

Yes, I was able to produce the same issue on demo.mojoportal.com too.

 

In the demo, I created user account through the /Secure/Register.aspx screen:

Polly

polly@polly.com

1234567

you should be able to see it and sign in.  Then, through Admin I ensured that Polly is only a Content Administrator.  However Polly still has access the the security tab. :(

 

-Michael

5/26/2009 12:16:25 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Role Administration Questions

Ok, thanks for verifying it. I will investigate further and make sure it is fixed for the next release. It may be that my local changes actually did fix it as I made the changes I saw were needed before I tested locally. Its just that I didn't think the changes I made involved hiding that tab, I'll review it thoroughly.

Best,

Joe

7/14/2011 11:08:01 AM
TRIAD - Next Level
Gravatar
Total Posts 17
View Posts

Re: Role Administration Questions

We've been having a problem for quite some time that falls within this scope of this thread. Here goes:

I'm an Administrator. I set a module to only be viewable by the Administrator. When I log back in as a Content Administrator, I can not view the module.  WORKS PERFECT!

However... the following situation does not work as expected:

I'm an Administrator. I set a module to only be editable by the Administrator. When I log back in as a Content Administrator, I can still edit the module, regardless of my settings.

Is this a known bug? We need to give our clients the Content Admin role so they can re-order the page tree and perform other limited admin tasks... but we really have to keep them from tinkering with select modules.

Thanks for your help, as always...

--- Nicholas

 

7/14/2011 11:55:08 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Role Administration Questions

I'll log this in our project tracker and look into it as soon as I get a chance. It might vary by feature so if you could indicate which feature(s) you are seeing this on it would help when I investigate.

Best,

Joe

7/14/2011 1:46:34 PM
TRIAD - Next Level
Gravatar
Total Posts 17
View Posts

Re: Role Administration Questions

Thanks Joe... I'm experiencing this on the default 'Html Content' module.

7/31/2011 6:35:28 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Role Administration Questions

fyi, this is now fixed in the source code repository so it will be fixed in the next release of mojoPortal.

Best,

Joe

You must sign in to post in the forums. This thread is closed to new posts.