I just thought I’d post here about some work I’ve been doing at the Carbon Coop for our multi-user EmonCMS installation. We’ve been installing smart meters across many different physical locations as part of the EU Nobel Grid project, and while administrating that I thought that it would be useful to be able to grant or deny access to different bits of functionality for different users.
Enter the user capabilities module:
It provides a framework for fine-grained access control on a multi-user EmonCMS setup. The list above is from my test system, showing the capabilities from the capabilities module as well as those from a (modified) group module.
A capability is just the ability to do something. You can see on the editor screen that there are different pieces of functionality you can enable or disable for different roles. Users are then assigned to one or more of those roles. It’s a common way to manage permissions on online systems - for example, both WordPress and Amazon Web Services use a model resembling this.
Here’s a slightly chaotic(!) collage showing how it works. On the right is the admin user who is editing the permissions for the group ‘Groups admin’. User ‘catsmith’ is in this role. On the right, ‘catsmith’ is logged in and using the group module. The top pair of screenshots shows what things look like for her when the ‘create groups’ capability is turned off for that group, and the bottom pair show what it looks like when it’s turned on:
That is, turning on the capability lets her create new groups. Pretty basic really, but it’s flexible enough that you can grant people the ability to do just the things you want them to be able to.
Setting up this kind of permissioning in a module is pretty straightforward - I can write a bit more about this if anyone is interested, or you can just take a look at the capabilities branch of the group module.
So, I’m mostly posting here to see if anyone else is interested in this kind of functionality. It is already pretty much working for our purposes at Carbon Coop but if there is wider interest then I am happy to work on it further and alter it for different use cases. Any takers?