I've hooked up the following role equivalencies via the AuthFAS plugin for Drupal:
DRUPAL ROLE FAKEFAS GROUP ----------- ------------- administrator <----> cmsadmin writer <----> cmswriters editor <----> cmseditors
Note that the 'administrator' role in Drupal is almost what the actual Drupal admin account (uid 1) gets. The only thing that administrator can't do is change the FAS settings.
The other two roles 'writer' and 'editor' right now have no special permissions, and would be treated the same as an authenticated user (I think). If someone can test that, I'd appreciate it. To test, you would:
1. Create a FakeFAS account and sign the CLA 2. Apply in FakeFAS for 'cmswriters' or 'cmseditors' membership (not 'cmsadmin') 3. Sign in to the Drupal instance with your FakeFAS username + pass.
You should be able to create content. (You'll see a link on the left for it if that's true.)
Thanks Paul. What's the link to the FakeFAS Admin again? I'll be happy to test.
- pascal ________________________________________ From: logistics-bounces@lists.fedoraproject.org [logistics-bounces@lists.fedoraproject.org] On Behalf Of Paul W. Frields [stickster@gmail.com] Sent: Thursday, August 12, 2010 3:32 PM To: Fedora Logistics List Subject: FakeFAS groups <--> Drupal role
I've hooked up the following role equivalencies via the AuthFAS plugin for Drupal:
DRUPAL ROLE FAKEFAS GROUP ----------- ------------- administrator <----> cmsadmin writer <----> cmswriters editor <----> cmseditors
Note that the 'administrator' role in Drupal is almost what the actual Drupal admin account (uid 1) gets. The only thing that administrator can't do is change the FAS settings.
The other two roles 'writer' and 'editor' right now have no special permissions, and would be treated the same as an authenticated user (I think). If someone can test that, I'd appreciate it. To test, you would:
1. Create a FakeFAS account and sign the CLA 2. Apply in FakeFAS for 'cmswriters' or 'cmseditors' membership (not 'cmsadmin') 3. Sign in to the Drupal instance with your FakeFAS username + pass.
You should be able to create content. (You'll see a link on the left for it if that's true.)
-- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ Where open source multiplies: http://opensource.com _______________________________________________ logistics mailing list logistics@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/logistics
On Thu, Aug 12, 2010 at 10:52 PM, Pascal Calarco pcalarco@nd.edu wrote:
Thanks Paul. What's the link to the FakeFAS Admin again? I'll be happy to test.
I think https://publictest4.fedoraproject.org/accounts
On Thu, Aug 12, 2010 at 11:15:34PM +0200, Gianluca Sforna wrote:
On Thu, Aug 12, 2010 at 10:52 PM, Pascal Calarco pcalarco@nd.edu wrote:
Thanks Paul. What's the link to the FakeFAS Admin again? I'll be happy to test.
The https may bark at you because of a bad certificate, but that's it. Also Drupal itself is here:
http://publictest4.fedoraproject.org/drupal
On Thu, 12 Aug 2010, Paul W. Frields wrote:
I've hooked up the following role equivalencies via the AuthFAS plugin for Drupal:
DRUPAL ROLE FAKEFAS GROUP
administrator <----> cmsadmin writer <----> cmswriters editor <----> cmseditors
Is it easier to use groups internal to Drupal for this purpose or is it just as easy either way?
-Mike
On Thu, Aug 12, 2010 at 08:24:06PM -0500, Mike McGrath wrote:
On Thu, 12 Aug 2010, Paul W. Frields wrote:
I've hooked up the following role equivalencies via the AuthFAS plugin for Drupal:
DRUPAL ROLE FAKEFAS GROUP
administrator <----> cmsadmin writer <----> cmswriters editor <----> cmseditors
Is it easier to use groups internal to Drupal for this purpose or is it just as easy either way?
Because of the way I wrote the AuthFAS plugin, it's just as easy either way.
Basically, Drupal allows you to have an arbitrary number of roles, and each role can have permissions set such as "can create content," "can edit their own content," "can edit other people's content," "can create calendar events"... and so on.
However, there's no easy way in Drupal to have certain people managing certain roles. You can either manage them, or you can't. FAS is much more capable in that respect. It's nice to be able to have a few people in charge of the administrator role, the edtors role, etc.
So the way I wrote the AuthFAS plugin here was to allow a mapping between a Drupal role and a FAS group. It's totally easy to make the mapping. You just edit the role and on the normal edit screen you now get a field for a FAS group name to which you can tie it. So we can add as many (or as few) as we need for whatever purpose we like.
There's also a single required FAS group mapping, a group to which you have to belong in order to sign in ('cla_done' for us).
When people sign in to the system, their FAS group memberships are compared to the existing role<-->FAS group mappings, and their Drupal roles are altered appropriately to match, before they go through the final steps of authentication to the system.
logistics@lists.fedoraproject.org
-
Gianluca Sforna -
Mike McGrath -
Pascal Calarco -
Paul W. Frields