Monday, July 11, 2005
[IPB 2.1] ACP Permissions
I've finally finished this feature off. Hoo-rah.
I've renamed it to "ACP Restriction Permissions" as it better suits the way the interface works. Basically, any admin in a group which has ACP access has full unrestricted access to the ACP. This only changes when they are added to the restrictions list. When first added, they don't have access to any area of the ACP.
The restrictions can be at tab level (Management, Look and Feel, etc), root feature level (Members, Forums, Template Editing, etc) and at sub-feature level (Add member, edit members, add forums, recount forums, etc) or a mixture of all three.
This means that if you just want an admin to manage skins, you can do this at the "Look and Feel" tab level. If you also wish to only allow them to edit existing skin sets, you can do so at feature and sub-feature level.
I won't bore you with how it works, back-end and database wise; apart from saying the actual PHP sources are picked through for permission checks and the database is built up from that which makes developing easier as I don't have to manually keep a list up to date.
The front end is mostly javascript and Ajax. I think this is a good example of how Ajax can take what would otherwise be a complex interface and make it much easier. Without such a system you'd have to rely on a series of page loads and a lot more PHP work to save state between pages.
You'll notice that the sub-feature level rows are auto-saved when another tab or feature tab is clicked. There is an optional manual save which turns red when a change has been made.
acp-perms.mov (Quicktime .mov 4.8mb)
UPDATED (12-July-05: New interface components) acp-perms2.mov (Quicktime .mov 2.2mb)
UPDATED (Again: Added quick links to allow perms for entire section) acp-perms.jpg
July 11, 2005 | Permalink
TrackBack
TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a00d83423035953ef00d8344ff14253ef
Listed below are links to weblogs that reference [IPB 2.1] ACP Permissions:
Comments
This feature looks great! Go on and update the roadmap now :P
You made this feature more than I expected it to ever be, you now have complete control over anything and everything an admin can access which is great and has been needed for a long time.
Thank you!
Posted by: Logan | Jul 11, 2005 4:52:48 PM
let's just hope they can't access other functions (like you give them all skin permissions) but can access the SQl database also. Aren't their like 2 or 3 features left for you to complete. fix bugs then FINAL?
Posted by: ldf | Jul 11, 2005 4:59:55 PM
If you don't want them to have access to the SQL toolbox then you restrict their access from that, no big deal.
There are a few features to complete, and once more public betas are released a few more bugs will probably pop up yes. So I wouldn't be too worried about the final? I'm sure Matt knows what he is doing and will get everything done in good time.
Posted by: Logan | Jul 11, 2005 5:08:36 PM
What I mean is. You know dean's mod for Inviz? Even though you restict access to certain things of the ACP, if the (person) or (group) knows the URL of another section (that they can't 'directly' acess they can still get to it, and perform the functions of that section. I'm wondring if he 'fixed' that, so that the group/person can ONLY access the things they are given permission to.
Posted by: | Jul 11, 2005 5:12:53 PM
I would assume it will be like that. Dean's mod not only doesn't work at all, but yes it didn't handle the permissions correctly.
I'm sure Matt did it properly and they cannot access it at all if they do not have permission to.
Posted by: Logan | Jul 11, 2005 5:20:33 PM
Only root admins have access to the ACP permissions panel, and also access to the SQL tool box and editing root admin member groups is limited to the root admin.
This is a hard check, it doesn't rely on simply removing links. The actual check is in the source code.
Posted by: Matt | Jul 11, 2005 5:46:11 PM
To add: I've added a box around the cross or tick (depending if currenly allowed) to help those with color blindness differentiate between which rows are green and which are red.
Posted by: Matt | Jul 11, 2005 6:56:20 PM
I don't like it.
First off, "ACP Restriction Permissions" sounds confusing (to me at least). Why not simply "ACP Restrictions".
Secondly, I don't think it's a good idea to re-invent UI elements. And if one must re-invent the wheel, please make it consistant.
Some examples:
- The checkmark/X for the individual features could be a simple checkbox control. That way it's consistant for the user and clearly indicates what to do. It also more easily helps with the color blindness problem. You can still use AJAX to populate them and use the bg color to indicate state in addition.
- The "Undo" and "Save" buttons look exactly like the "Ready" in the bottom left. Is the "Ready" clickable? Why not make the whole thing a regular pop-up window and use the status bar instead? Or make "Undo" and "Save" real buttons?
- Does this all work with JavaScript off? Does it work _well_ with JavaScript off? With a more standard looking interface, it would probably look ok even without JS.
I'm beginning to think that an overuse of AJAX (even if it can be disabled) produces a worse interface when keeping non-JS users in mind. As in, the more you rely on JS, the less you may think about a clean look and ease-of-use for non JS users.
Reloads are not that bad, keeping in mind that an XMLHttpRequest is just a mini-reload in disguise ;P.
Cheers,
Andre
Posted by: Andre | Jul 11, 2005 10:39:10 PM
Absolutely Incredible! ... As for the troll above, you're an idiot =)
Posted by: | Jul 11, 2005 11:49:04 PM
Wow! Thats awesome, I didn't realise you could have COMPLETE control over where they go! Great work!
I agree with the dude above me. :)
Posted by: Kennedy | Jul 12, 2005 12:14:36 AM
Very very nice work IMO.
The interface looks almost like a desktop application and well thought-out. The save and auto-save are nicely done too.
One little question:
Would there be any possibility to let some admins add and edit forums permissions but not let them change permissions of a forum that is only accessible by root admins ? If not, it means it is not possible to have a place to discuss important things like company intern matters. Sure I can trust my admins, but every human has some minimum level of curiosity. I think that almost every person that has the possibilty, would give himself shortly access information, read some things, and revert the permission afer this. They would of course do nothing bad, but read some things that are not intended to be read by them. The problem with password protected forums is, that the passwords are displayed in plain text in the ACP ...
Posted by: Someone | Jul 12, 2005 1:21:14 AM
Shouldn't it be "ACP Permission Restrictions" instead of the other way around? The name just sounds confusing as it is.
I also highly agree with Andre's comment, up until the Javascript part. If you want to use the ACP, you should require the use of Javascript. It's only accessed by a few people, and you should be able to trust your own site. You only need good JS-off behavior on the frontend, because that's where you're trying to get high visitorship. But the interface elements are a bit rough and need some work. The checkbox idea works much better than two icons that have no direct visible feedback. I have no idea if the other tabs were activated for that user or not until you clicked on them.
Posted by: Timothy Dorr | Jul 12, 2005 2:53:59 AM
I love the preview and the power it provides. Concerns/suggestions though:
* As with the multi-quote on the forums, how about a button that has a fat a$$ check if it's on and a big empty box if it's off. "[./] ON" or "[ ] OFF". Also changing colors, like green for access and red for no access. Click one button, it turns on/off and the color/check box shows it.
* How would someone be stopped from granting themselves permission to a forum that they either cannot post/reply to (but could give themselves that permission), or not even see at all? Only way I could imagine it is if they're restricted from changing permissions that they themselves do not have, ala inheritted.
* As with above, will there be (or easy to add) the ability to control which forums (and/or permission masks) they can edit?
* Editing members: If they promote someone to the Admin group, will that new admin get full access (ie, non-restricted even though non-root), or will they get the same permissions and restrictions? Are they "banned" from seeing/editing anyone with root-admin access?
Just some issues that I'm sure you have already taken care of, just want to know in what way out of curiousity.
Aside from that (and aside from the idea of using the multi-quote on/off button concept), I think it looks great. It's simple, to the point, easy to read/understand. That's the best way for it to be.
Posted by: Wolfie | Jul 12, 2005 4:38:42 AM
Looking very good :) Just instead of the boxes beeing differnet colour, i think it should be tick or a cross to avoid confussesion. Just an idea ;)
Posted by: Ben | Jul 12, 2005 6:31:52 AM
This is living proof that it is nearly impossible to even think about starting a competitive product to IPB or the current likes. Keep up the great work, Matt.
Posted by: Don Wilson | Jul 12, 2005 6:33:02 AM
You'll notice in the movie that tabs that you've disabled access for have gray text instead of black. As mentioned above, I'm going to draw a box around the currently selected icon to make it clearer for those with colour blindness.
"The checkbox idea works much better than two icons that have no direct visible feedback."
The row turns red when the cross is clicked and green when the check is clicked. That's pretty substantial feedback. Green and red are used everywhere for "stop" and "go" - such as traffic lights, etc :)
Posted by: Matt | Jul 12, 2005 9:43:28 AM
But if your colour blind, you most likely couldn't tell which is which color, unless you knew which came first: red, yellow, green (stop, slow, go). and yay!
Posted by: | Jul 12, 2005 9:48:15 AM
By Ben:
Looking very good :) Just instead of the boxes beeing differnet colour, i think it should be tick or a cross to avoid confussesion. Just an idea ;)
My idea was to use both. Two buttons, one with a tick/check in it meaning "has access", that would be green with the word "ON" also on it, the other a red button, word "OFF", with an empty box.
Either that or instead of "ON" and "OFF", perhaps have a yellow smiley face (for ON) and a grey sad face (for OFF)
Posted by: Wolfie | Jul 12, 2005 9:55:52 AM
..which is why I've said (twice) I'm going to add a border around the selected icon.
Posted by: Matt | Jul 12, 2005 9:56:10 AM
It's great how it is.
Posted by: Logan | Jul 12, 2005 4:09:07 PM
Matt I am really impressed. I personally love the use of AJAX we are seeing. It makes things like this so much easier, quicker and more efficient. The points raised about how this will work with color blind users or users who don't use JavaScript seem slightly irrelevant. The AdminCP is usually used by *savvy* web users. Most forum admins have at least worked out FTP, uploaded their files and setup a database. Some will have coded custom web sites from scratch and may even run the web server themselves. Expecting them to have an up to date browser capable of running JavaScript is not unreasonable, it can almost be assumed. If this AJAX means 30 seconds less spent each day on navigating and using the AdminCP then there is no way I want to loose it for those running Netscape 4 :-)
Posted by: Lloydy | Jul 12, 2005 4:25:02 PM
I see you updated the ROADMAP. yay! Only a few things left on their then fix bugs then FINAL I think. YAY!
Posted by: | Jul 12, 2005 5:21:59 PM
I didn't think that the permissions would be like that, they are much better than I expected. Nice job! It's so thorough.
Posted by: Danny | Jul 12, 2005 6:20:27 PM
Is there a way of making it so that you can select like a "grant all" button? That way if you want someone to have access to everything in a (tab or section), you don't have to click-click-click-click-click-click?
Like maybe near the undo button, have a "All" (with the green checkmark beside it), and when selected, would prompt "Are you sure?". That would save time if setting up someone to handle all of the functions of a section (more so if all the functions of a tab).
Posted by: Wolfie | Jul 12, 2005 6:35:42 PM
Check the new screenshot - there are "all" buttons now. :)
Posted by: Matt | Jul 12, 2005 6:38:16 PM
The comments to this entry are closed.