I think we could achieve this without implementing a fully granular Moodle-style permissions system (and all the performance hits that come with that).
The implementation would look like this: 1. We change the setting "allow public pages" from a tickbox to a menu labeled "who can create public pages", options "anyone", "admins + staff", "admins", "no one". (Maybe some variant in there for institutional admins & staff as well) 2. We do a similar thing to the existing institution-level "allow public views" setting. The current version of that setting allows public views if the user belongs to *any* institution that allows public views, so we would use similar "any" logic for the new version of the setting. 3. We add a tickbox for "can create public pages" to the user settings page, accessible only to admins (much like the user settings option for setting a user's auth instance). This setting would allow the user to create public pages regardless of any other site or institutional settings (or the spam probation system). 4. We write a function, "can_create_public_pages()" that checks all of these things in the proper order. -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1429325 Title: Allow public pages for staff and admins only Status in Mahara ePortfolio: Confirmed Bug description: When you use Mahara with a range of different age groups, you may prevent certain ages from creating public pages so that they don't share their pages accidentally with the public, e.g. young children who don't look at the sharing options carefully. I propose we be more granular in who can create public pages and public profiles on the institution level: - everyone - staff and admins only Ideally, an admin could overwrite the setting for individual "trusted" regular users as well so that they don't need to be given the staff role as that comes with more privileges. And now it's looking more and more like being able to create other roles and be able to manage permissions more like Moodle manages capabilities... Curently, roles are hard-coded in Mahara and thus that would need to change first. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1429325/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
