User permission system

I know it’s been voiced that the web users and manager users are getting merged (which is fabulous). But now I’m wondering how the permissions will work... pretty much like they have been, or using a different method?

I guess what I’m getting to is that I think moving to a *nix style permission system would have a lot of advantages. For instance, right now, no one "owns" a page. Sure there’s a createdby designator, but it really doesn’t have anything to do with permissions. If the permissions were *nix style, then each document (or whatever other kind of "thing") could have an owner, a group, and a world setting. It’s worked for *nix for a long time.

This could potentially allow for some interesting streamlining. It’s still a little rough in my head (like most things ) but might have some merit. I thought I’d ask, because usually when I do, someone says, "oh yeah, we came up with that 4 centuries ago and it’s in the works for version X.Y"

That’s a great idea and the timing is spot on.

A question that this brings up though is how would we migrate existing permissions/users into a new system like you propose?

OK - I have some thoughts, but little time. I’ll come back to this.

Exactly Jared, and I’d like to eventually see every object in the system be able to have these permissions (where it makes sense, of course), and even be able to define custom permissions. We could then provide a protocol-level permission/access layer that could be accessed via web interfaces (back or front-end) or even via connectors to something like WebDAV. This could provide alternative methods for editing and publishing all types of MODx content.

I worked on a WebDAV access interface to a J2EE based commercial CMS a few years back, and should be able to recall most of the design issues we ran into, or at least know where to go look for the answers.

How about using manager user as the front end? So the front end user will be eliminated, and the new frontend user will inherit from the manager. With that, the user group need to be expanded, which are going to include the backend site permission as well as custom front end permission, that can be setup and checked on snippet or plugin. For the backend custom site permission is not needed, because we can use the frontend custom permission. The user setting on second tab of user edit has the ability to inherit from the user group setting. We also need a custom field on users.

So here is the point:
1. Remove FrontEnd User.
2. Add Custom Permission (Can be checked on Snippet/Plugin)
3. Add Custom Field, and remove some unimportant default field on user manager
4. Add User Group Setting that will be inherited by the users assigned to that group
5. Integrated snippet for easy user register and login with a custom email template
6. Better API for integrating it with third party system

Things to be considered, if somebody want a support of multi site, the users cannot be seperated for each site. This will cause a harder problem, so for now having the first 6 points is good enough.

Hope it helps.
Any suggestions, additions, or comments are welcome to make MODx the best CMS out there.

Regards,
Wendy Novianto