AlterBrains • multi-branch permissions
Page 1 of 1

multi-branch permissions

Posted: November 15th, 2013, 2:51 am
by asccreative
Hello,

I am considering MightySites for a project where it is possible that the same user may have different roles or permissions on different child sites. For instance, they'd be a registered user on childsite1, and an author on child2.

The issues becomes interesting when they sign ion the master site. How can we use MightySites to determine the available permissions when the user chooses as childsite?

Thanks.

Re: multi-branch permissions

Posted: November 15th, 2013, 2:46 pm
by Admin
MightySites can share #__users database table, so users will be same in all sites, but their usergroups (hence permissions) can be different.

Once user logs in any site he will get usual permissions according to assigned usergroups.

Re: multi-branch permissions

Posted: November 15th, 2013, 8:23 pm
by asccreative
Hi there,

I would like to know if MightySite is capable of doing the following:

1) We will be creating 1 Main Site where users will register. We will then create 10 to 20 Child Sites that will share the template, components, plugins + users.

2) We would like to control all users within the Main Site's backend, for example which Child Sites each user is registered to and which usergroup each user is in for the Child Site the user is assigned to.

I know that in the Main Site, all users will be under Registered usergroup. We would also like to assign each user to different Child Sites and to a different usergroup in each assigned Child Site, example usergroups: owner, tenant, landlord, agent. (Note: each user will only be assigned to ONE Child Site. Users will NOT be able to login, view content or register in a second Child Site.) Is this possible? How difficult is it to modify the component to allow this structure?

3) The last requirement is that since each user is only assigned to ONE Child Site, we would like to be able to do a redirect upon user login on the Main Site. For example, user A registers on Main Site. He is assigned to a Owner usergroup in Child Site 1. Upon login on the Main Site, he is immediately redirected to Child Site 1. Is this possible?

Thank you for your response.

Re: multi-branch permissions

Posted: November 17th, 2013, 4:01 am
by Admin
1) We will be creating 1 Main Site where users will register. We will then create 10 to 20 Child Sites that will share the template, components, plugins + users.
OK, it's possible, all sites subsites should be created as parked domains for main site.
MySQL users of subsites should have access to main site's database.
2) We would like to control all users within the Main Site's backend, for example which Child Sites each user is registered to and which usergroup each user is in for the Child Site the user is assigned to.
Each site has own backend panel as usual, you can only see a list of sites in Main Site's backend, edit their global config and auto-login to backend.
I know that in the Main Site, all users will be under Registered usergroup. We would also like to assign each user to different Child Sites and to a different usergroup in each assigned Child Site, example usergroups: owner, tenant, landlord, agent. (Note: each user will only be assigned to ONE Child Site. Users will NOT be able to login, view content or register in a second Child Site.) Is this possible? How difficult is it to modify the component to allow this structure?
All sites always have exactly same users (because you want to share users), but user can be assigned to different usergroups in each site.
3) The last requirement is that since each user is only assigned to ONE Child Site, we would like to be able to do a redirect upon user login on the Main Site. For example, user A registers on Main Site. He is assigned to a Owner usergroup in Child Site 1. Upon login on the Main Site, he is immediately redirected to Child Site 1. Is this possible?
Users can't be assigned to sites, if you share users - all users are always same in all sites.
MightySites doesn't perform any redirects, you need to develop custom plugin which does a redirect according to user's usergroups.

Re: multi-branch permissions

Posted: November 17th, 2013, 12:52 pm
by asccreative
Hi there,

thanks for your response. Since the above can't work, I've came up with another solution. I would like to know if your component is capable of doing it:

The program we use will need to be able to share users & usergroups among all the sites. Using the following steps, the client will be able to control all users within the Main Site. It should work in theory as long as ALL user & usergroups gets shared over all the sites. All sites (Main Site & All Child Sites) MUST use the same user & usergroup database from the Main Site. Usergroups for users will not be edited within the Child Sites. All usergroup assignments will be made via the Main Site.

Step 1: Must create individual usergroups before creating the child site. Eg: Before creating Child Site 1(CS1), create the following usergroups in Main Site: CS1 Admin, CS1 Owner, CS1 Tenant, CS1 Agent. Give all these usergroups same previlges as Guest usergroup. This goes for all other Child Sites. Child Sites can be added on later as per normal as long as the usergroups are created prior to the Child Site being launched, it is good enough.

Step 2: Create CS 1. As long as all usergroup gets imported over, we can now assign the proper rights for usergroups created for CS1 meant for CS1. Registered usergroup in CS1 will be changed and given the same rights as Guest. CS1 Admin, CS1 Owner, CS1 Tenant, CS1 Agent will be given the appropriate rights. The other CS usergroups won't matter because they are already given the same rights as a Guest.

Step 3: Eg: When a User A registers in the main site, administrator will assign him to CS1 Owner. Since the rights for CS1 Owner is only limited to CS1, he won't be able to enter any other Sites.

Step 4: When an article or menu is created, the administrator MUST remember to assign the usergroup it is meant for. If they don't, then the usergroup won't be able to access it.

Do you think the above steps is possible?

Thank you.

Re: multi-branch permissions

Posted: November 18th, 2013, 11:56 am
by Admin
The program we use will need to be able to share users & usergroups among all the sites. Using the following steps, the client will be able to control all users within the Main Site. It should work in theory as long as ALL user & usergroups gets shared over all the sites. All sites (Main Site & All Child Sites) MUST use the same user & usergroup database from the Main Site. Usergroups for users will not be edited within the Child Sites. All usergroup assignments will be made via the Main Site.
All sites can share users and usergroups, admin can edit all users from main site, you can limit creation of usergroups in child sites for admin via Joomla permissions.

But admins of child sites can still edit users and assign usergroups, so you also need to disable users' edit/creation in child sites for child admins via Joomla permissions.

So actually child site admin should not be assigned to Super Users but to a custom group which can login to backend but has limited permissions. I think that steps below have same logic.

So actually each subsite will have a special usergroup with certain permissions for admin user.

Note that each site should use own #__assets database table in this case (possible in MightySites), so permissions are different per site. Edit of permissions is also performed in each site separately.
Step 1: Must create individual usergroups before creating the child site. Eg: Before creating Child Site 1(CS1), create the following usergroups in Main Site: CS1 Admin, CS1 Owner, CS1 Tenant, CS1 Agent. Give all these usergroups same privileges as Guest usergroup. This goes for all other Child Sites. Child Sites can be added on later as per normal as long as the usergroups are created prior to the Child Site being launched, it is good enough.

Step 2: Create CS 1. As long as all usergroup gets imported over, we can now assign the proper rights for usergroups created for CS1 meant for CS1. Registered usergroup in CS1 will be changed and given the same rights as Guest. CS1 Admin, CS1 Owner, CS1 Tenant, CS1 Agent will be given the appropriate rights. The other CS usergroups won't matter because they are already given the same rights as a Guest.

Step 3: Eg: When a User A registers in the main site, administrator will assign him to CS1 Owner. Since the rights for CS1 Owner is only limited to CS1, he won't be able to enter any other Sites.

Step 4: When an article or menu is created, the administrator MUST remember to assign the usergroup it is meant for. If they don't, then the usergroup won't be able to access it.