Advanced user permissions have long been both one of b2evolution’s strengths and one of its weaknesses.
On one hand they allowed unmatched control over who could do what on which blog. That was good in those complex multiblog-multiuser setups. On the other hand, they could be pretty confusing for newcomers who were blogging just by themselves and didn’t need any complex permissions.
Yet, the admins of enterprise blog platforms wanted even more flexibility with their permissions…
With b2evolution 2.0 we have addressed this the following way:
Blog owner default permissions
First, advanced permissions are now turned off by default. That means that when you create a new blog, you assign it to an owner and that’s it. The simplest case being: you are the admin, you create a blog for yourself, you are the owner of the blog.
The blog owner can do almost anything on his blog without requiring any additional permission.
There are a few advanced things that the owner cannot do though. Among these: change the base URL of his blog, aggregate other blogs on his blog, set up a static file… These things require an advanced admin privilege. Again, on single user setups, the owner is also the system admin, so he can do whatever he wants, without trouble.
Now if a blog owner wants to invite additional users to blog on one of his blogs, he can turn on advanced permissions in his blog’s features panel. By doing so, the “User perms” and “Group perms” tabs appear in the blog settings.
Those advanced permissions tabs work mostly like before: any user can be declared as a member, a contributor, a publisher, a moderator or an admin of any specific blog.
The advanced permissions can also be given on a more granular level (e-g who exactly can upload a file, who can publish drafts, etc…). Those permissions can also be granted to user groups just like before.
Post editing permission
There are a few new advanced permissions though, among which the post editing permission!
So far, when a contributor had permission to post, he could also edit existing posts. Any existing posts…
Well, no more! Now you can decide for each user and/or group what posts he can edit. He may be allowed to post but not to edit anything at all. Or he may be allowed to edit only his own posts. Or he could be allowed to edit only posts written by someone with a user level lower than his own. Or equal user level. Or all posts.
Needless to say, the admin group has a super-permission that superseedes all this and lets them edit anything, anywhere, anytime without any hassle.
We hope this will satisfy most of the advanced as well as the simplification requests we have received since the introduction of advanced perms two years ago. If not, let us know…
All this and more coming to a blog near you this summer — b2evolution 2.0.