search

501st-alpha1 / big-gollum

A rails app that lets you make, browse, edit, and eventually control permission to gollum wikis.
MIT License
6 stars 2 forks source link

Feature: Share wikis with users #7

Open oponder opened 9 years ago

oponder commented 9 years ago

As an admin I should be able to assign wikis to users.

Users that have a wiki assigned to them will see it in their dashboard and be able to view / browse / edit the wiki.

Users should not be able to access wikis that they are not assigned to.

501st-alpha1 commented 9 years ago

Right now, we have a pivot table users_wikis, which I'm not sure is used for much. I've started work on using this table to give users access to wikis.

I think the best way to implement this admin functionality would be to create a roles table (and corresponding pivot table), and use that to determine whether a user is an admin. This would allow us to extend it later, and we could e.g. have a role that allows users to add other users to wikis that they have access to.

oponder commented 9 years ago

Have you considered 'upgrading' users_wikis to wiki_memberships, and having the role be a field on that? That way we can have users with different roles on different wikis.

Also we could distinguish between user roles and wiki_membership roles. So the user model would gain a roles field, and the new wiki_memberships model would gain a role field too.

And lastly, instead of calling it roles, I'd like to think in terms of individual abilities. So Imagine that for user abilities we have the following:

Examples of wiki_member_ship abilities would be:

That way users can mix and match and create their own 'roles' on the fly.

We could use a bitmask to store these values as a single integer on user and on wiki_memberships:

Here's a gem i've used before that helps with this bitmask part: https://github.com/platform45/easy_roles

501st-alpha1 commented 9 years ago

At first glance, that sounds good to me (and definitely is an upgrade). I'll look at this in some more detail when I get the chance.

501st-alpha1 commented 9 years ago

I assume we also want an Admin role, which will allow the user to modify the permissions of other users.

Also it looks like you have started on some user management pages at #21, so I'll probably wait until that is merged and I can rebase to finish this completely (but I'll see how much I can do before then).