Middlebury

Monster Menus Permissions

Revision as of 11:26, 26 August 2009 by Adam Franco (talk | contribs) (Permission scope)

Part of the documentation on Drupal.

About

The Middlebury and MIIS Drupal sites use a system called Monster Menus (developed at Amherst College) to enable the creation of a hierarchy of pages and apply permissions hierarchically to those pages.

Permission scope

Monster Menus permissions -- like file-system permissions -- apply only to the page or content for which they are set: having full "write" permission on a page does not imply write access to sub-pages or content on the page. However, Monster Menus Permissions -- also like file-system permissions -- are "sticky": when new sub-pages are created, the permissions from the parent page are copied onto the sub-page and the creator of the sub-page is set as the owner.

Content permissions are slightly different from page permissions. When a user creates a new content node, they are made the owner of that content and the "Delete the page or change its settings" permissions are copied as "Edit or delete this content" on that content. Other users who might have "Append sub-pages to the page" or "Add content to the page" permission to not have any permissions on the new content. Also, content does not have a read permission. Read permission is determined by the page content is displayed on.

Manually cascading permissions

Sometimes it is necessary to reset the permissions for part of the site. This might be necessary if a new user or group needs to be granted access to a large number of pages and content-nodes. Two check-boxes at the bottom of the permissions form allow permissions to be recursively set on all sub-pages and/or content.

Use caution with these options as they will overwrite all permissions on sub-pages and/or content to be the same as the permissions on the page where they are used.

Permission levels

Permission levels on pages

Owner

Full "write" access to the page.

The owner of a page is usually the person who created it. The owner has full "write" access to the page, the same as Delete the page or change its settings. The owner exists so that at least one person always has access to a page.

Delete the page or change its settings

Full "write" access to the page.

Users with this permission can change all of the properties of a page: its title, settings, and permissions.

This permission is a super-set of the Append sub-pages to the page, Add content to the page, and Read permissions.

Append sub-pages to the page

Users with this permission can add sub-pages to a page, but cannot change the page's settings or add content directly to the page. When a user creates a sub-page, they will be the owner of that sub-page and will have full "write" access to that sub-page; giving them the ability to add content and append further sub-sub-pages to that sub-page.

This permission is a super-set of the Read permission.

Add content to the page

Users with this permission can add new content a page. When they create new content they will become the owner of that content and can continue to make changes to it. This permission does NOT grant users the ability to edit content already on a page. Content already on the page is only editable if the user is the owner of that content or has the "edit or delete this content" permission on that content.

This permission is a super-set of the Read permission.

Read

This permission allows a user to see the content.

Permission levels on content

Read access to content is determined by users' read access on the page on which it resides. In this way, a content-node can be displayed on two pages, one that is restricted and another that is publicly visible.

Owner

Full "write" access to the content.

The owner of a piece of content is usually the person who created it. The owner has full "write" access to the content, the same as Edit or delete this content. The owner exists so that at least one person always has access to the content.

Edit or delete this content

Full "write" access to the content.

Users with this permission can change all of the properties the content: its title, settings, and permissions.

Examples