Hello internet I’m Bernard Sfez a Tiki specialist and in this tutorial we'll see together the way permissions are set and how to use them to manage roles in Tiki.

But before that I would like to apologise for not publishing any video during October indeed very busy month for me. But I will do my best to publish two video before the end of this month and the second video will certainly be about how to bootstrap a Tiki website. Something people ask me several time this month... Using the Wiki syntax Smarty template. So subscribe now to my channel if you want to be notified when a new tutorial is published. And it's a good time for me to thanks Martin, Hugh John, Boyan and Marco Jay, many other that subscribe or send me a note about my tutorials. I really appreciate, thank you everyone for liking sharing supporting
one way or the other so our community keep on growing and best practices are
shared by everyone.

Back to this tutorial, permissions is a key feature in Tiki and it explained why our open source software is selected by sensible company when they need very specific permission scheme. It's based on group membership and there is a lot of to say so as usual let's start video tutorial right now...

In this Express Tutorial

So in this Tiki Express tutorial we’ll review together;

  • Why do we need permissions
  • What is a role and how to use Groups
  • How to assign a user to a Group
  • How Tiki assign permissions and the common types of permissions
  • The global permissions
  • The object permissions
  • The Tiki plugin Permissions
  • Use the plugin group to apply different permissions inside a page
  • An overview of advanced permissions for categories and trackers

Why do we need permissions

When you are publishing a website on the internet, different groups of people will have different roles. Visitor or Anonymous, someone that didn't identify himself with the username and a password for example, will be able to see create and edit certain things while admins or
super users should be able to create edit content view other data and configure the Tiki site.

To tell Tiki what group of user can see or do something we use Tiki permissions in conjunction with other feature or functionality like the group the object the feature and the categories that's
not all but other ways are advanced and outside the scope of this tutorial.

What is a role and how to use Groups

A role is in Tiki a group of users with specific privileges or attributions. Tiki come by default with three group: Anonymous, Registered and Admins.
There may be inheritance from a group to another and so by default in Tiki registered inherit the anonymous permissions. What can do Anonymous, Registered can.
Those are default roles :

  • Anonymous for anyone that didn't log in
  • Registered for anyone that is logged and by default new user will be member of the registered group.
  • Admins for the user able to set up and configure the Tiki.

Note that the user admin is a special user that can see and do anything and have all the permissions.
When a user is added you can ask him or set automatically or manually from which
group it will be member of. And you can have many groups as you want, even one
group per user.

How to assign a user to a Group

For this tutorial and to show you how to create a group and assign a user I will set up my Tiki with four roles. I go to the group's admin page, setting => groups. We can see the group and their inheritance. Let’s create our missing editors group. I give it a name. A description. I select the group it inherit permissions from. If a group inherit already from another group you don't need to select both. In this case Editors will inherit from Registered and that imply they will also inherit from Anonymous. below there are more option and depending of your configuration you may have much more but this is not for this tutorial about Tiki permissions.

Let's go now to our users admin page you can go by clicking on settings user or use the admin user link at the top of the group admin page. The admin user is created by default during the Tiki installation process and I created a few users. I will have a user for each group except Anonymous that my definition is a group for all visitors non user, people that are not identified. The last column of the table is to display groups assignment using the action branch and selecting add or remove from a group I can change the group assignments for a selected user I
assign my editor user Jonah Jameson to the group Editors. My registered user, Peter Parker is already member of the group registered like any other user and the admin is me the Admin.
We have now 4 roles as Anonymous is anybody not logged in.

How Tiki assign permissions and the common types of permissions

Tiki has several ways to apply permission on something. When you start a Tiki and have to set the primary permissions we usually use global permission, a set of permission applied on feature or
functionalities at a global level meaning all over Tiki. On the other side of the range of possible permission we have object permissions. The object permission is applied to Tiki object a page, a file gallery, a tracker etc. In between Tiki has half a dozen of other possibilities like category permissions and feature specific permission like for tracker item owned by a user or group. Topic permission for articles and of course exceptional permissions like temporary token if you want to grant someone the permission to access content for a limited duration and without being registered. Talking about range of applicable permission object permission has preponderance over global permission.

The global permissions

Let's check our global permissions that are accessible under Settings => Permissions. As you can see in the top navbar, and reflecting what we’ve seen so far permissions are tied with groups and users. There is a so an object permission list to help you check things and we will see later the plugin permission that can be very handy to see on an object what permission are applied to it.

Let's review this page and its options. Three tabs, one to assign permissions, one to select the groups and one to select the features. Before assigning permissions let's make sure we select all groups and all feature. Back to the first tab we have a check box to show permissions for disable feature, a filter to look for specific permissions, a toggle with all the permissions applicable on the active feature for your Tiki configuration.

If you feel a bit lost when viewing this long list you can move over a check box and wait a bit for a tip tool that will show you what group it will be applied on to. Quickly for my demo I said that Anonymous can't see page Registered can see pages. Editors can see pages and upload pictures.

What happened now if on the second browser I go to my Tiki.
Anonymous can't see any page. I log in with my registered user and now i can see the pages but i can't edit them. I log in now with my editor user and now I can see pages and edit them.

The object permissions

Great but I want to relax a bit the permissions and I have a page Anonymous can access to explain them they should register to see content. As admin, I go to the home page and at the bottom under the more button I go to permissions.
You are clearly told that you are about to apply permission on the object and that no other previous object permission were applied. I check, anonymous can view the page. Apply.

Now back to my Home page I wrote a quick text for my visitors I switch browser and check again as anonymous. As expected anonymous can see the page.

The Tiki plugin Permissions

To help you with setting we have available in Tiki a permission plug-in. Let me activate it and assign it. This great tool was created to help with permissions when you get confused. Think about setting it and then after that you can remove it.

Use the plugin group to apply different permissions inside a page

Okay let's improve a bit. My homepage is now visible by all. We can improve this and have different content displayed for different roles using the plug-in groups. The plug-in group will check the actual logged user group and display relevant content depending of the group detected. The plugging is also able to display a specific content for my registered user
and else display something else. I’ll copy past content I have already prepared.

I save.
Let's check now on the different browser.

This is what anonymous will see now. As soon as I log in, on the same homepage I don't see now the previous content from my anonymous but the content I want my logged user to see.

An overview of advanced permissions for categories and trackers

While this Tiki Express Tutorial is a beginner one I can't end it without showing you super quickly the categories permission or the specific trackers and trackers fields permissions.
Categories, admin categories and again a click on the action wrench will show you a link to the permissions available.

In the tracker you have many and flexible ways to show or ID data. At the tracker object level using the wrench again permission link.

Also in the properties of a tracker you have more
permission setting. For example the first one will allow you to set that user can own item and he will be able to see them while he won't be able to see the others items. Also important the option restrict non admins to wiki pages access only. With this enable your user will be able to see the data in their items using plug-ins on the wiki page but they won't have access to the tracker features itself.

Each field in a tracker as also its own set of permissions parameter... A lot, a lot of things to see and to discover. It was super quick but it's up to you to explore and test now that you know it exists and where it is.

Ending


Express tutorial it was with those basic explanation in mind you are ready to set pretty complex
permission scheme and with a little more practicing and experimenting by yourself you'd be able to have your role working properly. And when your knowledge improve, please share it with the other Tikiers on my YouTube channels comments, the Tiki forum, the XMPP chat whatever.

Thanks for watching till the end this video and if you like you know what you do like, share, subscribe send new comment or send me an old video games system or an old guitar pedal. It may be somewhere in your basement or collecting dust but me I am collecting them and I can repair them eventually if they are broken. You will make me very happy and my happiness is very very important to me.

Thanks again for watching this Tiki Express Tutorial and may the power of Tiki be with you.

Bloopers

Ha... This is in the box ! (french)

https://doc.tiki.org/Permissions
https://doc.tiki.org/Permission-Enforcement-Order
https://doc.tiki.org/Permissions-List
https://doc.tiki.org/Groups-Management
https://doc.tiki.org/PluginGroup