Role | User | Access Control - Define new users

sagun786 · April 30, 2020, 4:54am

Basically the main goal of this question is to understand can Squidex be used as backend for medium.com like features for authoring & reading. The more granular questions are as follows

These are very specific questions from Contributors Access Control perspective based on a new role I want to create called ‘author’

Role author such that (authors can create and save to draft only but as part of workflow they can’t publish the content)
User Scope limited to him (Can permissions be set so authors only see only their content and not read other authors content)
Can a view be set so authors aren’t exposed to schemas / other configuration options on squidex?

What definitions(granular permissions should I write on each to make this work?

Sebastian · April 30, 2020, 8:49am

Yes, that should be possible.
No you can always see all content.
Not yet, because the permissions are given on the requirements, e.g. to make edit content the UI needs to query schemas, therefore you have permissions to view schemas as well, therefore the schemas tab is shown.

T_K · May 1, 2020, 6:00am

It would be good if the schema tab button gets disabled when you do not have the rights to view it.

Sebastian · May 1, 2020, 6:16am

But you always have the rights to view it

To manage content you need access and to view languages to list schemas (some UI features needs it). To view schemas you need to list patterns as well. Therefore you have a bunch of implicit permissions.

The UI is driven by the permissions that you have. In fact the UI does not make any decisions at all, what to show and what not, the API tells the UI what is possible through links (HATEOAS).

I understand that you don’t want to give your users access to schemas, but this would require another permission system (or settings) just for the UI.