Welcome to Geeklog Monday, March 27 2017 @ 02:14 pm EDT


 24/02/2007 08:10am (Read 2829 times)  
Status: offline
working

1000ideen

Forum User

Full Member
Registered: 04/08/2003
Posts: 1289
The problem:
I was thinking of how to handle a site with many users and several story editors and user admins.

Lets say it is a small sports club and there is me, the technical root admin, there is 1 chief editor (story and user admin), 5 general editors (story admins), 1 treasurer (user admin), 200 known members of the club (group-football), 2000 fans (group-fans).

A) What are the most dangerous things admins can do (accidentally)? It is less a matter of faith it is rather accounts being hacked or unexperienced admins doing wrong steps.

- Deleting topics is most dangerous as they also delete all the stories.
- Mass deleting users could be a massive problem too.

Anything else that is not repairable?

There is alsready the config variable "onlyrootfeatures". What do you think of the possible settings only root may batchdelete users or delete topics?

Would the best solution be to make user.mass.delete and topic.delete separate rights?
There is a feature request [#563] "topic.delete should be a separate right" .
http://project.geeklog.net/tracker/index.php?func=detail&aid=563&group_id=6&atid=108


Cool I noticed that user admins cannot add a user to a goup say "group-football" if they are not group admins. I don`t really want to make the user admin also group admin. Is there a chance to give user admins the right to add or delete users to groups but not be group managers? I think this is quite logical, isn`t it?


C) Unfortunately all email notifications go to the root admin. This should be routable to the various admins.

 24/02/2007 03:30pm  
Status: offline

jmucchiello

Forum User

Full Member
Registered: 29/08/2005
Posts: 985
Quote by: 1000ideen

Would the best solution be to make user.mass.delete and topic.delete separate rights?

I'm always in favor of finer grain rights.
Cool I noticed that user admins cannot add a user to a goup say "group-football" if they are not group admins. I don`t really want to make the user admin also group admin. Is there a chance to give user admins the right to add or delete users to groups but not be group managers? I think this is quite logical, isn`t it?
In this case a "group.assign" feature is probably a better method. You don't necessarily want all your user.admins assigning group membership. I would say group.edit presume group.assign or that could be configured via $_CONF. You should make a feature request for this. Others probably could use it.

C) Unfortunately all email notifications go to the root admin. This should be routable to the various admins.

I've seen this on the forums before, I think. Again, make a feature request.

 26/02/2007 06:08am  
Status: offline

1000ideen

Forum User

Full Member
Registered: 04/08/2003
Posts: 1289
Thanks for your feedback.

As for me I think that the user admin should always be able to assign users to groups. That`s quite normal and daily business. Somebody signs up and has to be assigned to a group. Whereas editing a group is extremely rare and more a task that an admin does once a year.

Arrow Anyone else runing a 'big' site and thinking about possible problems or more usability? :kickcan:

 27/02/2007 06:03pm  
Status: offline

1000ideen

Forum User

Full Member
Registered: 04/08/2003
Posts: 1289
I just noticed that with xoops it is the group manager who assigns a group to a block. In Geeklog it is the block admin.

Well, if the block admin and the story admin both assign groups to either blocks or stories then the user admin should logically be able to assign groups to a user.

All times are EDT. The time is now 02:14 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  • View Anonymous Posts 
  • Able to post 
  • Filtered HTML Allowed 
  • Censored Content