dotLRN Portal Permissions
dotLRN Portal Permissions
by Arjun Sanyal and Ben Adida, part of dotLRN Documentation.
dotLRN presents itself to users by way of portals, i.e. pages that
aggregate data from disparate sources, shown as "boxes" on the page,
and allow these sources to be added, removed, and altered in various
ways. Permissioning issues arise frequently: "Is a student allowed to
remove the "Class Announcements" element of her portal?" is an example
of a permissioning issue.
In general the system of permissions should be simple enough for the
users to understand, but flexible enough to support all of the
required features.
Also, the scope of this document is the permissions system related to
the portal-based parts of dotLRN, for more documentation on the
general permission scheme of dotLRN, see dotLRN Roles, Sections, and Permissions
Some General Portal Ideas
Students will have the ability to alter their personal portal, but up
to the point specified by a class administrator. In the example given
above, a class administrator could "lock" the "Class Announcements"
element in student's personal portals so they would not have the power
to remove it or alter its position. In this case, the administrator
would have control over more than one portal, i.e. her
own personal portal and a "default" portal that is "cloned", including
the "lock", to create each student's portal when she registers for the
class.
Non-administrative users cannot grant any permission to anyone. Thus,
an "Student X lets student Y read her portal" scenarios are avoided.
Administrative Permissions
The administrative permissions CREATE and DELETE are only given to
those users whose roles are such that they would need to create and
destroy portals for scenarios such as the one given above.
CREATE
- User can create a new portal. Used for creating default class portals
- Granted to: Administrator role only, by default
- Implies: DELETE, and READ, EDIT, ADMIN on newly created portals
DELETE
- User can destroy this portal. Not granted to non-admin users.
- Granted to: Admin users who have CREATE
Portal-level Permissions for Non-Admin Users
These permissions are at the level of individual portals for users
such as students.
READ
- Grantee can read (view) this portal.
- Granted to: A User for her individual portal.
EDIT
- Grantee can:
- Add "Available" datasources
- Remove "unlocked" elements
- Move (shuffle) "unlocked" elements
- Edit user-editable element parameters
- Granted to: A User for her individual portal. Aggregates the
permissions that a non-admin user will have, other than "READ".
Portal-level Permissions for Admin Users
Admin users with the CREATE permission will be granted the following
permission on the newly created portal.
ADMIN
- Grantee can:
- Toggle "lock" on a portal element
- Set this portal page to be "cloned" from
- Set "non-user" parameters for elements
- Toggle portal element "availability"
- Granted to: A portal created with the CREATE permission.