Forum OpenACS Q&A: Is there such a thing in OpenACS as an admin who is not a super user?

Collapse
1: Is there such a thing in OpenACS as an admin who is not a super user?
Posted by Brian Fenton on 01/20/09 07:21 PM
Hi

Is there such a thing in OpenACS as an admin who is not a super user? I've a situation where my client wants to allow one user to approve all registrations and generally take care of users. But he doesn't want this user to be the super user, i.e. he doesn't want them to see site-map, packages etc.

I can't see a way to make this distinction. Do I need to do something like create a new "users admin" group, give that group admin on a package (which package though?) and then put the users he wants into this group? Will that even work?

thanks for any advice

Brian

Collapse
2: Re: Is there such a thing in OpenACS as an admin who is not a super user? (response to 1)
Posted by Dave Bauer on 01/20/09 07:25 PM
No, there currently is no way to model this due to the hardwired permission checks in the packages.

Don is working on a way to extend a package, and the most common one to extend would be acs-subsite.

With that you could create admin or "management" pages that handled permissions that made sense.

In general many of our users could use a subsite administrator that could manage the subsite without breaking anything.

You could customize the appropriate pages, move then into a different directory (/admin/ always requires admin privielge) or change the site-map etc to require site wide admin privileges.

Collapse
3: Re: Is there such a thing in OpenACS as an admin who is not a super user? (response to 2)
Posted by Brian Fenton on 01/20/09 08:52 PM
Hi Dave,

thanks for the explanation. I thought I was being a bit too hopeful. I think the customisation is probably the easiest thing.

As always, thanks for your helpful and timely response.

Brian

Collapse
4: Re: Is there such a thing in OpenACS as an admin who is not a super user? (response to 1)
Posted by Torben Brosten on 01/20/09 09:09 PM
Brian,

I think you can do something like what you want for subsites by making the moderating user (MU) an admin of a subsite, then the MU can manage users at subsite/members

For example, example.com/subsite1/members

This is not exactly the same however, as users will need to register to the main site first for this to work, and permissions can be applied to other subsites on the website, just not the main subsite.

For example, you can give the group members at example.com/subsite1/members specific permissions for example.com/subsite2 etc. That way any member of subsite1 (determined by MU) will have the pre-arranged permissions for subsite2.

Note that if a subsite/members admin adds a new user directly through the UI instead of just adding a registered user to subsite1 membership, the notifications such as invitation are buggy (may not work for the new user).

Hope this is clear, if not I'll be glad to explain in more detail.
cheers,

Torben

Collapse
5: Re: Is there such a thing in OpenACS as an admin who is not a super user? (response to 4)
Posted by Brian Fenton on 01/23/09 05:55 PM
Hi Torben,

thanks very much for the reply. That is indeed very useful to know and will be something to bear in mind in future for me. Unfortunately, in this case we are not using subsites, and anyway the client has decided that the problem does not warrant spending any more money on customization.

many thanks for your thoughtful response!
Brian

Collapse
6: Re: Is there such a thing in OpenACS as an admin who is not a super user? (response to 1)
Posted by Dave Bauer on 01/23/09 06:14 PM
I thought of another way to do this, but its sort of a hack.

Basically you need another object to grant admin privileges over, besides the package_id/site_node.

If you want them to take care users and registrations etc, you can simply check permission on the group with the associated subsite (or main subsite/registered users) instead of the package_id.

You'd have to move the pages outside of /admin/ but its pretty straightforward, and even logical, to have admin privilege over the group and be able to manage the memberships for that group.