Finer grained edit control

Mar 18, 2010 at 5:10 PM

I have extended a site using sql membership and role providers, and adding some new pages with easycontrols that update or query sql databases.

I am using roles to allow some users to use pages that create/update/delete in the database, while anonyous users and most registered users can only see the read-only pages.

This is working OK.

I am still happily using the original xml storage for news, blogs, downloads etc.

But I would like more detailed control than the "editable by power user" feature gives.

I need to allow a user to add or edit news items to the newslist on the page, or add pictures to the gallery, or add/edit the upload list, or post a blog entry; but I don't want that user to be able to delete the newslist or gallery or blog section from the page, or add a new section to the page. And I want to be able to stop that user from editing an html section for example, even though she can edit news or blog entries.

In other words, I want to prevent the user (most users, anyway) from changing the layout of the page or adding a new section or deleting a section, I want to be able to stop the users editing some sections on a page, but allow them to edit other sections. 

Maybe we can think of this as allowing some users to change content, but not layout; but ideally, I would want restrict some users to editing only the pages for their own department, not every editable page.

I thought of adding an "edit by power user" bit, or a "section locked" bit, to each section on the page, rather than just at the page level.

Maybe we need two bits on each page, one for "Content Editable by power user"; and one for "layout editable by power user" to allow adding/deleting/moving sections.


Does anybody have any suggestions for the best way to do this?

Or would it be quicker to switch to another CMS?