User Roles and Permissions

Posted on December 15, 2019

Gila CMS uses the role-based access control (RBAC) approach to give specific permissions to users. That means a user is given one or more roles from the administration, and every role is linked to one or more permissions.

Users need these permissions for some restricted operations, such as displaying menu links or creating posts.

  • A user can have multiple roles.
  • A role can have multiple users.
  • A role can have many permissions.
  • A permission can be assigned to many roles.
  • An operation can be assigned to many permissions.
  • A permission can be assigned to many operations.

Users and roles are stored in the database, while permissions are set in the package schemas.

When Gila CMS is newly installed, a new user (the administrator) is created and a new role, "Admin", is given to that user. The "Admin" role is linked with the "All administration privileges" permission of the core package.

The core package provides these permissions:

  1. All administration privileges
    It includes permissions 2-8.
    Can use the file manager at /admin/fm
    Can save and restore db backups at /admin/db_backup
    Can update the configuration settings at /admin/settings
    Can edit the menus at /admin/menu
    Can create and edit the website widgets at /admin/content/widget
    Can download, activate and deactivate packages at /admin/packages
    Can download and select the website theme at /admin/themes
  2. Administrate users
    Can create and edit new users at /admin/users
  3. Administrate user roles
    Can create and edit new user roles at /admin/users?tab=1
  4. Add and remove permissions to user roles
    Can link permissions to user roles at /admin/users?tab=2
  5. Can upload files on assets folder
    Can upload new media files in the asset window where images are selected.
  6. Can edit files on assets folder
    Can rename (move) or delete existing media files.
  7. Can edit all posts and categories
    Can create and edit new posts at /admin/content/post
    Can create and edit new post categories at /admin/content/postcategory
  8. Can write posts
    Can create and edit new posts at /admin/content/post, but does not have access to other users' posts.
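
The model described above, as an added Python example (not Gila CMS code): it resolves a user's effective permissions through their roles, applies the rule that permission 1 includes permissions 2-8, and lists who effectively holds a given permission, which is useful when reviewing role assignments. The permission keys, the users, and every role except "Admin" are constructed for illustration; granting an operation when the user holds any one of its permissions is an assumption, consistent with /admin/content/post being reachable through permission 7 or 8.

```python
# Hypothetical keys standing in for the eight core permissions listed above,
# in the same order; they are not Gila CMS's real identifiers.
ADMIN = "all_admin"
CORE_PERMISSIONS = [ADMIN, "manage_users", "manage_roles", "manage_role_permissions",
                    "upload_assets", "edit_assets", "edit_all_posts", "write_posts"]
# Permission 1 includes permissions 2-8.
IMPLIES = {ADMIN: set(CORE_PERMISSIONS[1:])}

# Constructed sample data: user-role and role-permission links are many-to-many.
USER_ROLES = {"alice": {"Admin"}, "bob": {"Author", "Media"}, "carol": {"HR"}}
ROLE_PERMISSIONS = {
    "Admin": {ADMIN},
    "Author": {"write_posts"},
    "Media": {"upload_assets", "edit_assets"},
    "HR": {"manage_users", "manage_role_permissions"},
}
# Operations (paths from the list above) and the permissions that unlock them.
OPERATION_PERMISSIONS = {
    "/admin/content/post": {"edit_all_posts", "write_posts"},
    "/admin/users": {"manage_users"},
    "/admin/users?tab=2": {"manage_role_permissions"},
    "/admin/settings": {ADMIN},
}

def effective_permissions(user):
    """Union of permissions over all of the user's roles, plus implied ones."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    for perm in list(perms):
        perms |= IMPLIES.get(perm, set())
    return perms

def can(user, operation):
    """Deny by default: unknown users and unlisted operations get no access."""
    required = OPERATION_PERMISSIONS.get(operation)
    return bool(required) and bool(required & effective_permissions(user))

def holders(permission):
    """Audit helper: every user who effectively holds the permission."""
    return sorted(u for u in USER_ROLES if permission in effective_permissions(u))

if __name__ == "__main__":
    for user in sorted(USER_ROLES):
        print(user, sorted(effective_permissions(user)))
    print("can change role permissions:", holders("manage_role_permissions"))
```

Running `holders` on the key for permission 4 is the check to repeat after any role change, since that permission controls which permissions every role carries.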