kaolak : documentation previous | next | table of contents 

3.3 Users, groups and access permissions
Users and groups
Users and groups in kaolak serve different purposes:
  • manage system users eg kaolak (root), admins (bound to branch), website (created through website module and bound to branch)
  • manage branch users eg web editors , web designers, shop managers
  • organize contacts eg web subscribers, customers

Kaolak's superuser is named kaolak.
Users can belong to several groups, so that a web designer can also be a web editor, for example.

Users inherit kaolak node properties and share the following extra properties :
  • groups (int[])
  • username (str)
  • passwd (str)
  • first_name (str)
  • last_name (str)
  • email (str)
  • phone (str)
  • address (str)
  • city (int)
  • state (int)
  • zip (str)
  • country (int)
Users have access permissions set as requested nodes' attributes and are inherited from groups, strongest group permission assigned. They can also be assigned to specific users.
Permissions can be set by the owner (creator) of the node, the branch's administrators and the kaolak superuser. see 2.5 API : class Node, checkPermission(), getPermission(), setPermission()

By default, a document is set as readable and writable by other users. To protect it, its owner has to set its attributes so. If no permission is set, no access is allowed, except to the branch's admin and the superuser.

Like every other node in kaolak, users and groups have read and write permissions. Each branch's admin have full rights on its users and documents, but some users also have rights on others, eg public site creates subscribers, web publishers create web editors and web designers.

Some special users are not users strictly speaking since they cannot login to the kaolak GUI. These users and groups are called members of the community. Some members categories are the site subscribers, shop customers and suppliers - see modules section for details.

Some other types of permission also exists such as the publish permission - see modules section for details.

 previous | next | table of contents