OSGeo / osgeo

The Open Source Geospatial Foundation is not-for-profit organization to empower everyone with open source geospatial. Directly supports projects as an outreach and advocacy organization providing financial, organizational and legal support. Works with our sponsors and partners for open software, standards, data, research and education.
http://www.osgeo.org
366 stars 67 forks source link

normal subscribers can't upload a profil image #184

Open astroidex opened 6 years ago

astroidex commented 6 years ago

Problem

see also #183#issuecomment-359673050 and #178

robe2 commented 6 years ago

I can change the permission of subscribers to upload images, but there doesn't seem to be any granularity I can do beyond that which I guess means they can upload anywhere they can edit.

If folks are okay with me making this change to subscriber role, I can do it.

astroidex commented 6 years ago

Thanks @robe2 for the feedback. Not so nice. Maybe we should have another at the #183 gravatar solution. On the other hand in our wiki a user can edit every page too.

What do you think? @cvvergara @jodygarnett @wildintellect ?

jodygarnett commented 6 years ago

I am really struggling with the different levels, subscriber cannot do much, ... but editor can delete other peoples pages.

I think we need an orientation session on wordpress security roles.

robe2 commented 6 years ago

@jodygarnett yes agreed. I have little idea how wordpress security roles work. Doesn't seem to be much granularity (e.g. what section one can edit) in the role admin options.

robe2 commented 6 years ago

Looking at roles closer, I think Author might be the right level of granularity we need.

Author is a lower level than Editor. And has 7 permissions:

1) General: Can read (I presume anything not marked as private) 2) Media: Can Upload files 3) Pages: Can Read (I note there is a Edit Pages, and Edit Other's pages that is not checked. So I assume maybe Edit Pages only allows editing of your own pages (same options for delete) 4) Posts: Can (Read | Edit | Delete (and published) ) Posts ( (Edit | Delete) other's posts is unchecked)

cvvergara commented 6 years ago

@astroidex Yes indeed using the gravatar would be nice, but as I mentioned before the whole web page was designed using the image that has to be uploaded manually. @robe2 solution of allowing subscribers to upload images is the best one right now. Once we figure out what part of the php code needs to be changed and how to make use of the gravatar then the images could work like:

if 
  there is a gravatar use it 
else
 use the uploaded image

In any case the subscriber needs to upload the image

@robe2 I experimented on what Author can do or con not do, I dont the author role

jodygarnett commented 6 years ago

I am concerned that the gravatar is doing more harm then good now, people see their face and do not notice they need to upload an image. We have a lot of "empty" faces showing up when looking at projects or the members list.

robe2 commented 6 years ago

I think rather than using a built-in might be better to just create our own role, maybe call it

OSGeo Basic

I'm hesitant to muck with existing roles since the level of permission isn't entirely clear from the names.

So was thinking OSGeo Basic for starters would just be able to do what subscriber does plus upload images. We might want to add more permissions after.

cvvergara commented 6 years ago

@robe2 does not matter what role name they use, the issues I mentioned on the report about subscriber apply to all roles.

right now we can give permission to the subscriber to upload an image and "disable" avatar, so when we have made progress on using the avatar, we "enable" it again?

cvvergara commented 6 years ago

@astroidex As far as I can remember this issue is solved, can you please verify.