PermsTest

This is a test to produce some rules about permissions. This was prompted by a discussion at tw.o and suggestions about using Categories to apply perms, among other things.

 
To duplicate this scenario, I've made the same users and groups at this site:

Users: A, B, C, D.
Groups: Fish, Cat, Dog.
These user-group names mean that their members have admin rights for objects in the category of the same name.

Group Fish has members A and B.
Group Cat has member C.
Group Dog has member D.

Tiki objects include wiki pages Fish, Cat and Dog, which are objects of the categories of the same names.

I will test to see what group permissions and object permissions produce the desired results. In particular, I want to see what the relationship is between permissions granted to groups and those granted to objects, in regard to specific groups.

And I will make and categorize additional objects to see what effect their categorization has on permissions.

 
I did a test where I duplicated the example of kwow described in the tikiwiki.org forum. I made four new users and three new groups, named as you named them, and three categories with names matching the group names. The groups — Cat, Dog, and Fish — are in charge of editing the pages in the categories of the same name.

Each of the users belongs to the Registered group and to the respective animal group. I gave the Registered group all "Basic" and "Registered" permissions, which include 'tiki_p_view to see wiki pages and tiki_p_edit'' to edit them. These general permissions hold except in for objects where specific other permissions are given.

The Fish page has tiki_p_admin_wiki assigned to the group Fish, and the other pages are similarly permed. One thing I noticed is that a wiki page given a specific tiki_p_edit perm (and not admin_wiki) requires specific tiki_p_view perms or it will no longer be viewable. This appears to be a bug, or else a bad design decision. Rather than tiki_p_edit, the goup pages should have tiki_p_admin_wiki assigned; then the page will be viewable without an additional specific view permission.

For example, user C (not an admin, of course) made a new page for the Cat category and gave it tiki_p_edit permission for the Cat group. User C could not view that page until it was also given a specific tiki_p_view perm, even if just to Anonymous or Registered groups. But I then deleted both edit and view perms and replaced them with a tiki_p_admin_wiki for the Cat group. All groups could view the page by virtue of the general perms assigned to them on the Admin Groups page.

So to get the result you want, the Cat, Dog and Fish groups must have tiki_p_admin_wiki, tiki_p_view and tiki_p_edit permissions, among others. I assume the users A,B,C, and D are members of the Anonymous group (to which tiki_p_view perm is probably given) and of the Registered group (to which perhaps editing perms are given). Or these perms could be given explicitly to the Cat, Dog and Fish groups.

Then, the pages must be given the appropriate perms, as described above. Each page is given edit permission for its group, and viewing permission for everyone else (Anonymous or Registered, etc.) who is to see it.

In my test, making a new page and assigning it to a Category did not automatically give it the permissions of the other page in the Category. That is, C couldn't edit the Dog page (which limited tiki_p_edit to the group Dog), but could edit Dog_hound page, which D had categorized in Dog. To prevent editing by C, Dog_pound had to also be given the edit-by-Dog perm.

Unless I'm mistaken, maybe people who think Categories enable view/edit permissions are confusing Categories with Structures. A Wiki Structure can be given permissions which are applied automatically to all its member pages.