glFusion has a very flexible method of controlling access to content, plugins, and features. Almost every component of glFusion has the following security attributes associated with it:
Each permission can be set with the following attributes:
There is one exception: the Owner permission is always Read and Write.
For example, if you wanted to have a story that could only be viewed by paid subscribers to your site, you could do the following:
Now, only the owner (the author) and members of the ‘paid_subscribers’ group can see this specific story.
In some cases, glFusion’s security permissions follow a hierarchy. For example, a story belongs to a Topic. Topics have their own security settings. Even if a story has permissions that would allow anyone to see it, it is possible that the Topic’s security permissions would restrict access to the story. glFusion uses the least privilege model, which means when there are multiple levels of permissions, the least permissive setting wins.
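The rule above, as an added example: a simplified Python model, not glFusion's own code, in which each object grants an access level to its owner, its group and everyone else, and a story's effective access is the lower of what the topic and the story grant. The names `Acl`, `access_on` and `effective_access`, the `staff` group, the single "everyone else" level and the sample users are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional, Set


class Access(IntEnum):
    NONE = 0
    READ = 1
    WRITE = 2  # read and write


@dataclass(frozen=True)
class Acl:
    owner: str             # the owner always gets read and write
    group: str             # group attached to this object
    group_access: Access   # what members of that group get
    others_access: Access  # assumption: one level for everyone else


def access_on(acl: Acl, user: Optional[str], groups: Set[str]) -> Access:
    """Access a single object grants; user=None is an anonymous visitor."""
    if user is not None and user == acl.owner:
        return Access.WRITE
    granted = acl.others_access
    if acl.group in groups:
        granted = max(granted, acl.group_access)
    return granted


def effective_access(topic: Acl, story: Acl, user: Optional[str],
                     groups: Set[str]) -> Access:
    """Least permissive of the topic's and the story's decisions wins."""
    return min(access_on(topic, user, groups), access_on(story, user, groups))


# Constructed sample data (not taken from a real site).
open_topic = Acl("admin", "Topic Admin", Access.WRITE, Access.READ)
staff_topic = Acl("admin", "staff", Access.READ, Access.NONE)
paid_story = Acl("alice", "paid_subscribers", Access.READ, Access.NONE)
public_story = Acl("alice", "Story Admin", Access.WRITE, Access.READ)

if __name__ == "__main__":
    cases = [
        ("subscriber, paid story", open_topic, paid_story, "bob", {"paid_subscribers"}),
        ("anonymous, paid story", open_topic, paid_story, None, set()),
        ("anonymous, public story in staff topic", staff_topic, public_story, None, set()),
        ("staff, public story in staff topic", staff_topic, public_story, "carol", {"staff"}),
    ]
    for label, topic, story, user, groups in cases:
        print(f"{label}: {effective_access(topic, story, user, groups).name}")
```

When auditing a site, the third case is the one to look for: a story whose own settings are open but whose topic is restricted is not visible to the public, and loosening the story alone will not change that.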
glFusion has several pre-defined groups, including:
| Group | Description |
|---|---|
| All Users | You are a member whether you are logged in or not. |
| Logged-In Users | You are a member only after logging in. |
| Root | Full Administration Rights - member of all groups. |
| Story Admin | Able to edit/delete stories and approve new story submissions. |
| User Admin | Able to add/edit/delete new users. |
| Group Admin | Able to create/edit group access. |
You can also create new groups to support your access requirements.
glFusion has an additional security feature called Rights. Rights are generally associated with an administrative function or a feature of the system. For example, there is a right called story.edit. If this right is assigned to a group, then members of that group could edit stories on your site.
Here is an example of how Rights can be used: If you have a site where you have delegated some responsibility for administration to some of your trusted users, you might create new groups to support the delegation of duties. For example, if you have 3 users who will moderate new story submissions (review and either approve or reject submissions), you could create a group called story_moderators and assign that group the right story.moderate. Any member of the story_moderators group can now moderate stories on your site.
There are several pre-defined rights:
| Right | Description | Default Group Assignment |
|---|---|---|
| block.delete | Ability to delete a block | Block Admin |
| block.edit | Access to block editor | Block Admin |
| group.delete | Ability to delete groups | Group Admin |
| group.edit | Ability to edit groups | Group Admin |
| plugin.edit | Access to plugin editor | Plugin Admin |
| stats.view | Ability to view the Stats Page | no default group assignment |
| story.edit | Access to story editor | Story Admin |
| story.moderate | Ability to moderate pending stories | Story Admin and Story Moderator |
| story.ping | Ability to send pings, pingbacks, or trackbacks for stories | Story Admin |
| story.submit | May skip the story submission queue | no group assignment |
| syndication.edit | Access to Content Syndication | Syndication Admin |
| topic.edit | Access to topic editor | Topic Admin |
| user.delete | Ability to delete a user | User Admin and Group Admin |
| user.edit | Access to user editor | User Admin and Group Admin |
| user.mail | Ability to send email to members | Mail Admin |
| webservices.atompub | May use Atompub Webservices (if restricted) | Webservices Users |
| Calendar Plugin | | |
| calendar.edit | Access to event editor | calendar Admin |
| calendar.moderate | Ability to moderate pending events | calendar Admin |
| calendar.submit | May skip the event submission queue | no group assignment |
| FileMgmt Plugin | | |
| filemgmt.edit | filemgmt Admin | filemgmt Admin |
| filemgmt.upload | filemgmt File Upload Rights | filemgmt Admin |
| filemgmt.user | filemgmt Access | All Users and FileMgmt Admin |
| Forum Plugin | | |
| forum.edit | Forum Admin | forum Admin |
| forum.html | Can post using HTML | forum Admin |
| forum.user (deprecated) | Forum Viewer | forum Admin |
| Links Plugin | | |
| links.edit | Access to link editor | links Admin |
| links.moderate | Ability to moderate pending links | links Admin |
| links.submit | May skip the link submission queue | no default group assignment |
| Media Gallery Plugin | | |
| mediagallery.admin | MediaGallery Admin | mediagallery Admin |
| mediagallery.config | Media Gallery Config Rights | mediagallery Admin and mediagallery Config |
| mediagallery.view | MediaGallery Viewer | mediagallery Admin |
| Polls Plugin | | |
| polls.edit | Access to poll editor | polls Admin |
| Site Tailor Plugin | | |
| sitetailor.admin | Site Tailor Plugin Admin Rights | sitetailor Admin |
| Spam-X Plugin | | |
| spamx.admin | spamx Admin | spamx Admin |
| Staticpages Plugin | | |
| staticpages.delete | Ability to delete static pages | staticpages Admin |
| staticpages.edit | Ability to edit a static page | staticpages Admin |
| staticpages.PHP | Ability to use PHP in static pages | staticpages Admin |