Using permissions in plugins

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Using permissions in plugins
« on October 23rd, 2011, 10:24 PM »
This is sort of plugin related and it more directly affects plugins than it does anything else, I guess.

I think one of the current paradigms in SMF is wrong, that permissions should intrinsically be added to the permissions page - when it just doesn't make sense to do that sometimes.

I lost count a long time ago of the number of threads of people asking about things like nneonneo's shoutbox and asking how to set it so people see the shoutbox. Of course, the answer is to set permissions - but when permissions are set somewhere else from any configuration/settings that the shoutbox might have, it's illogical.

Ironically, SMF also features one method to actually deal with this, though most people don't realise it.

When I split the calendar out, as I will be doing shortly, I don't have to rework the permissions too much - because the UI of the calendar settings actually has an inline permissions facility, where you can set access by group (which feeds into the permissions system natively) to different calendar features, just as you can with general permissions.

Weirdly, though, it never really hit home to me until tonight just how broken the paradigm is. I dug out an old SMF 1.1.x test site, and decided to play around with the chess mod. It's pretty neat actually. But you have the Admin > Chess Admin area with Settings and Maintenance pages - then you have to go elsewhere for the permissions, and it jolted me when I had to get out there and reset it myself.

Had the permissions been inlined into the config pages, I wouldn't have had to look and no doubt had I been a newbie, I'd have been way more confused.

It makes me wonder though. When I get round to ripping permissions out and replacing them, do I actively need to consider putting roles in, with directly extensible support (like we have now), or is it actually better to bar plugins from touching the core permissions and making them put permissions in their own settings pages? (Obviously, provide facilities for doing this, SMF 2.0 and Wedge do actually do some of this, though it needs expanding to cope with _own/_any and non-general/context-specific permissions, as right now only general permissions can be dropped in easily)

I'm just thinking that simple plugins only need a permission or two and can trivially pull that in, complex plugins need something bigger but might as well get a dedicated section for it in their own admin area, without having to clutter up the core permissions - and it means that we don't have to worry about making it extensible on a UI level, and more importantly, plugins get to keep their facilities all under the one roof.

At least, that's how it is in my head. Would love to know what others think.
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

spoogs

  • Posts: 417
Re: Using permissions in plugins
« Reply #1, on October 23rd, 2011, 11:05 PM »
If a plugin can house it's own permissions in it's own settings/acp that would be great. I've had that noob issue where I installed a mod dealt with all the settings, thought it wasnt working only to realize it added permissions. Even the small mods I think could/should add their own permission or preferably at least a link to the permissions page from within its' acp if it's adding the permissions there; that would just make life a whole lot easier. The way SD/WD houses it's own permissions should be the model for the larger more complex plugins.

On a side but somewhat related note I even believe the general permissions should be split off from the Default board permissions.
Stick a fork in it SMF

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Using permissions in plugins
« Reply #2, on October 23rd, 2011, 11:17 PM »
SD/WD didn't really have a lot of choice in terms of doing things, and now I look back, I'm amazed I was satisfied with 1.0 doing what it did, because it made a mess of the permissions page by adding a screen's worth of permissions, not to mention that it did confuse people by being somewhere other than where all the settings were. But by the time we got beyond 1.0's release, we pretty much *had* to roll out the newer permissions simply because they just didn't work in SMF's setup.

Right now though, I'm in the state of mind where I don't want to craft something that's acceptable, as it were, but to set forth the way it *should* be done. I'm not sure that just linking to a plugin's permissions is that useful from the plugin itself when for a similar amount of programming effort it can actually create that permission UI inline. (Adding permissions in a plugin, assuming it's using the standard template is a one line affair)

On the flip side, I can see the value of providing it in both places when you create a new membergroup/role/whatever. There it actually makes some kind of sense - but not a lot, when it still would likely be better putting it per-plugin, in the long run.

From where I'm standing, having a plugin integrate into the central permissions is actually more illogical, overall, than it being in the plugin area, especially since people are more likely to add new plugins than they are - generally - to add new member groups, and if they do add new member groups/roles/whatever, the odds are they're doing it for specific permissions anyway, so it's even more important to get it right.

As far as SD/WD's model goes, I'd pretty much provide the framework to larger plugins to be able to do that with the minimum of hassle. I still find it ridiculous that all the large mods all had to roll their own permissions framework because the core couldn't accommodate it, when there's no reason why a single framework couldn't cope with everything SD, Aeva and PT (just to name three) generally needed as far as permissions were concerned.

Dragooon

  • I can code! Really!
  • polygon.com has to be one of the best sites I've seen recently.
  • Posts: 1,841
Re: Using permissions in plugins
« Reply #3, on October 24th, 2011, 07:43 AM »
Permissions should split up like the Modification setting page, allow each mod to add it's own and have a common misc. page for everything else. That way it gets easier, and the page needs to have a host of customizability options otherwise mods like AeMe would fail to be fully incorporated into the permission area. Just a question, are you only planning on overhauling the permissions UI or the underlying structure as well?
The way it's meant to be

Nao

  • Dadman with a boy
  • Posts: 16,079

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Using permissions in plugins
« Reply #5, on October 24th, 2011, 09:00 AM »
Quote
Permissions should split up like the Modification setting page, allow each mod to add it's own and have a common misc. page for everything else.
I'm not a big fan of the modification settings page, never have been. The only thing it solves is the case of mods that add a couple of settings, nothing more - anything more than that and it should be creating its own page in the Plugins block of the ACP.

That does exactly the same thing: a plugin that adds a single permission is going to look out of place, as is a plugin that adds a massive permission area. In both cases, it still doesn't solve the disjoint where users have to go to multiple places to configure things - if a plugin is adding its own area already, it is flat out illogical to have to make users go elsewhere to configure permissions separately.
Quote
Just a question, are you only planning on overhauling the permissions UI or the underlying structure as well?
As I've outlined in several posts, the underlying structure has to change to accommodate larger style plugins anyway.

Dragooon

  • I can code! Really!
  • polygon.com has to be one of the best sites I've seen recently.
  • Posts: 1,841
Re: Using permissions in plugins
« Reply #6, on October 24th, 2011, 09:04 AM »
That's not what I meant, I didn't mean that it should split out into multiple pages exactly like the mod settings page, I meant that it should be divided into such areas each individually accessible via the permissions page and each should show permissions related to only that with one common area for a setting or two.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Using permissions in plugins
« Reply #7, on October 24th, 2011, 09:09 AM »
Quote
That's not what I meant, I didn't mean that it should split out into multiple pages exactly like the mod settings page
No... most mods that extend the mod settings page do so exactly as intended, making it a single page of stuff that's inconsistent and not the logical place to go for settings for anything.
Quote
I meant that it should be divided into such areas each individually accessible via the permissions page and each should show permissions related to only that with one common area for a setting or two.
So, nothing like the mod settings page then :P And that actually makes the problem worse, not better, by making it even harder to get to a plugin's permissions, which is tough enough given that most users do not automatically think to go check out the different parts of the admin panel when a plugin might add things.

This is why I'm debating not making it easy to add permissions directly to the main permissions areas and instead making plugins do it themselves. (For general non-own/any permissions, there's a 'permissions' field type for setupDBSettingsContext.)

Dragooon

  • I can code! Really!
  • polygon.com has to be one of the best sites I've seen recently.
  • Posts: 1,841
Re: Using permissions in plugins
« Reply #8, on October 24th, 2011, 09:25 AM »
Fair enough, but that'd spread out permissions to even more areas causing more confusion, wouldn't it?

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Using permissions in plugins
« Reply #9, on October 24th, 2011, 09:32 AM »
I don't think it would, though that's really the point of this topic.

See, I'm not just talking hypothetically at this point. Firstly, the Chess mod confused me... to see it having a settings page and not discovering the permissions are elsewhere actually stumped me for a moment. (Not any more than that, it wasn't hard for me to figure out that's what I was supposed to do - but it did confuse a lot of users.)

Secondly, I reflected on SimpleDesk. SD's permissions are huge, which is why it has its own dialogue and setup - and it made me realise that instead of being confusing, it actually isn't, because it puts that plugin's permissions with everything else for that plugin.

SMF even does that - check out the calendar settings page. Right there, it puts the permissions into the calendar area, though it is configurable from the main permissions area too. But even there it feels more logical to go to the calendar page to set who can see said calendar....

Dragooon

  • I can code! Really!
  • polygon.com has to be one of the best sites I've seen recently.
  • Posts: 1,841
Re: Using permissions in plugins
« Reply #10, on October 24th, 2011, 09:37 AM »
Okay, that does sound kind of logical to me. How about adding links to those areas in the actual permissions tab? So that users looking for permissions can go there directly.

Also, all these permissions would run through a central permission control(As in would all the permissions be stored in a single area) or would that be also completely up to the mod author?

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Using permissions in plugins
« Reply #11, on October 24th, 2011, 09:46 AM »
Quote
Okay, that does sound kind of logical to me. How about adding links to those areas in the actual permissions tab? So that users looking for permissions can go there directly.
OK, I don't think I'm making myself clear here. Why would I add a link from a plugin to the permissions area when for a similar amount of effort, I can *just put the permissions in the plugin area*? Unless you're talking about a link from the main plugins front page to the permissions area, which seems a lot of effort for a relatively small gain.
Quote
Also, all these permissions would run through a central permission control(As in would all the permissions be stored in a single area) or would that be also completely up to the mod author?
Um... centrally since it's already partly built and everything I've said has been about extending what's already there?

Dragooon

  • I can code! Really!
  • polygon.com has to be one of the best sites I've seen recently.
  • Posts: 1,841
Re: Using permissions in plugins
« Reply #12, on October 24th, 2011, 10:02 AM »
Quote
OK, I don't think I'm making myself clear here. Why would I add a link from a plugin to the permissions area when for a similar amount of effort, I can *just put the permissions in the plugin area*? Unless you're talking about a link from the main plugins front page to the permissions area, which seems a lot of effort for a relatively small gain.
Hmm okay then forget about that.
Quote
Um... centrally since it's already partly built and everything I've said has been about extending what's already there?
I was just confirming, seems fine to me.

PantsManUK

  • [me=PantsManUK]would dearly love to dump SMF 1.X at this juncture...[/me]
  • Posts: 174
Re: Using permissions in plugins
« Reply #13, on October 24th, 2011, 12:37 PM »
Coming at this in reverse (Devil's advocate...) could the permissions page (as an over-arching concept) be removed entirely, and permissions spread to where they would otherwise make most sense (Board permissions live with Boards, etc...)?

Get rid of the "permissions page" mentality... Does that fix/break anything else?
« What is this thing you hoomans call "Facebook"? »

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Using permissions in plugins
« Reply #14, on October 24th, 2011, 03:09 PM »
Interesting idea, I hadn't actually considered going that far.

Of course the argument I presented above against my own POV gets clobbered even more: create a new group and you then have to update its permissions in a whole bunch of places rather than a few (or one, on an unmodified, unexpanded forum)

Also that would require expanding things in places that currently don't have GUIs for them - for example viewing Who's Online only has an option or two buried elsewhere in the admin panel, though it only has one permission attached. Same deal with the member list.

Board level permissions are a bit trickier, due to the fact it isn't only permissions in that board, but it's permissions in that board by user group (though, arguably, no different to what would happen if pushed totally into the plugin's area to cope with)