LDM Permissions
From EIRMA Wiki
| Quick Links |
|---|
|
Overview and Tutorial |
|
Pre-Installation Installation Post-Installation |
|
Administration |
|
Moderation Design Advanced |
|
Other |
Contents |
Introduction
LDM controls usage rights with a usergroup-based permission system:
- To find and access: entries, the jukebox, etc
- To create and modify categories, entries, etc
- To access features: rate entries, create favourites, etc
- To over-ride other controls: see hidden entries, bypass the hit recording system, etc
A second, forums-based, permissions system is also available. This is used primarily to base the access rights to LDM categories and entries to the access rights you have set up for your forums. Forum-based access control is described on the Controlling Access page of this wiki.
LDM permissions are set on the LDM->Administer->Permissions page. Some can be changed within specific categories using the Add/Edit Category form. Permissions set in this way are inherited from parent to child:
- If a permission is set in the current category, this permission applies
- If a permission is set in any parent category, the permission set in the closest parent category applies
- Otherwise the global value is used
The LDM->Administer->Permissions page indicates whether parameters can be given local values and which have been modified in this way, and provides a mechanism to revert all per-category settings back to the global value. Individual per-category permissions are reverted on the relevant Edit Category form.
When testing a permission, LDM checks all the user's usergroups and grants him/her the most liberal permission available.
Initially, LDM is configured so that:
- only administrators can add material
- all categories and entries are visible to all users
Regardless of current permissions:
- the person who submits an entry or category can always edit it (but not necessarily delete it)
- members of the administrator group can always gain access to the LDM->Administer->Permissions page.
- when you create new usergroups, all LDM permissions for these groups will be *off* by default.
Rights to find and access: entries, the jukebox, etc
The following permissions are used to control which usergroups can make use of the features in LDM:
- can_view_category
- Usergroups without this permission cannot see categories. (Category owner can always view own categories.)
- can_access_link
- The "master switch" - users must have this permission in order to access any entry in your database. Denied usergroups may still be able to see these entries, depending on any forum-based permissions, but will not be able to access them. (Default: groups 1-7)
- can_play_musicbox
- Users with this permission can play audiovisual files using the Jukebox that is built into LDM.
- can_save_musicbox
- Users with this permission will also have access to the normal open/save hyperlink for media files that they can play using the Jukebox. Through combinations of this and the previous setting, you can control whether your user community can listen to and/or save media files.
- can_search_link
- Users with this permission can use the search facilities
- can_rate_link
- These usergroups can use the star rating system and add comments about entries. Although unregistered users can be given this privilege, the effect will be to offer them a "Please Register" link before they will be allowed to rate and add comments.
- can_mark_links
- These usergroups can mark links as Favourites
- can_report_link
- These groups can report problem links to admin/moderator by email
- can_send_tofriend
- These groups can use the "Send to Friend" feature
- can_view_hits
- These groups can see how many times each entry has been hit
- can_view_names
- These groups can see the names of the user who submitted each entry.
Rights to create and modify categories, entries, etc
- can_add_link
- user group can add new entries to the LDM database. This can be set on a per-category basis.
- can_link_files
- user group can create entries that use urls to point to a link or download. This can be set on a per-category basis.
- can_upload_files
- user group can create entries by uploading files onto the server. This can be set on a per- category basis.
- can_select_category
- user group sees a category selection list allowing them to add new entries to multiple categories and to categories other than the current. Other usergroups with can_add_link permission can only place entries in the current category.
- can_edit_link
- user group can edit existing links
- can_delete_link
- .... can delete existing links
- can_add_category
- .... ditto categories, etc
- can_add_keyword
- .... can extend the list of keywords that can be associated with entries.
- can_edit_keyword
- .... can associate entries with one or more keywords when adding or editing the entry.
- can_set_display_order
- .... can override the display order of links
- can_moderate_links
- .... can moderate new submissions
Rights to over-ride other controls
These permissions allow you to selectively modify other settings and permissions.
- can_view_hidden
- These groups can see entries that have expired, are not yet currentm, or have been marked as 'hidden'.
- can_see_protected_links_on_portal
- Selected user groups will be able to see all links and categories even if the forums-based permission denies them access to these. Attempts to access denied links will trigger an error message, depending on the value of the protected_link setting.
- can_bypass_hit_recording
- Normally, LDM records all hits in the downloads table. Hits by these usergroups will not be recorded. This is Useful if you get a lot of visits by bots - turn off hit recording for user group 1. Default: unset.
- can_bypass_bandwidth_limits
- These groups can bypass the global file/bandwidth limits on uploads and downloads set within the Admin/Allowances page. This setting is most useful when used on a per-category basis.
- can_bypass_forumperms
- These groups can bypass the forums-based permission system. This setting is most useful when used on a per-category basis.
- can_set_permissions
- .... can assign a link/file to a forum
Requiring Users to Accept Standard Access Conditions
When the setting force_accept is enabled, users are presented with some standard terms, set out in the links_agreement template/ll_agreement phrase, and must accept these terms before being allowed to download entries. This form is presented at most once per day.
force_accept can be set globally (LDM->admin->settings) and on a per-category (Edit category/Control Settings) basis.
Examples
You do not want guests to be able to access any links/downloads:
- Turn off can_access_link for the 'Guests' user group
You want registered users to be able to add new links but not upload files:
- Turn on can_add_link and can_link_files but turn off can_upload_files for this user group
You do not want guests to be able to access any links/downloads:
- Turn off can_access_link for the 'Guests' user group
You only want to apply download limits to entries in certain categories:
- Set usergroup allowances via the Admin/Allowances page, but give these usergroups can_bypass_bandwidth_limits in those parts of the category tree where you want free downloads.
You want users to agree to your standard terms before downloading entries in certain categories:
- Edit these categories and enable force_accept. Bear in mind that this will also apply in child categories unless the setting is changed in these categories
Blocking all access to LDM
If you want to completely block (e.g.) unregistered users from accessing LDM at all, create the following plugin and attach it to the hook ldm_start
if ($vbulletin->userinfo['usergroupid'] <= 1) {
print_no_permission();
exit;
}
