I'm almost done with this but it still feels lacking. Using the PUT method to cancel invites is just lazy (sorry), but the alternative is to refactor all API calls to use proper Form Actions.
I'm mostly inclined to do a refactoring on the whole user model and add some proper ACL.
Changes so far
Can add an existing user's email as collaborator in multiple websites without an invite
Can remove collaborators
Can cancel invites [WIP]
Can make a collaborator the site owner with rights to rename/delete a website and add more collaborators to it
Can add more server admins
Changing the user role seems too much hassle, thus the workaround is to remove and re-add him with the new role.
ACL Proposal
Keep the multiple Admins and drop the Dev/Editor role for them: move the admin column to the users table and drop the server_members
Introduce spaces:
A space is a group of rights where you can add both users and sites
Each user can have separate CRUD rights for the whole space
Each site can have UD rights of its own (so you can protect a site from being deleted or even archive it to prevent changes).
A space can have its own admin (not a server admin) who can edit everything in the space
Picking up from #389
I'm almost done with this but it still feels lacking. Using the
PUT
method to cancel invites is just lazy (sorry), but the alternative is to refactor all API calls to use proper Form Actions.I'm mostly inclined to do a refactoring on the whole user model and add some proper ACL.
Changes so far
Changing the user role seems too much hassle, thus the workaround is to remove and re-add him with the new role.
ACL Proposal
admin
column to theusers
table and drop theserver_members
What do you think?