In anyMeta we have a very powerful access control mechanism. It builds on top of phpgacl and extends into the realm of trust in social networks.
The access control allows the administrator to define very detailed access rules. And the system also empowers the users themselves to give rights to other users on the basis of trust.
With access control we define who can do what with which content. For example, when you requested this page the access control system checked if you were allowed to view the article. It also checked if you are allowed to change it, and if you are allowed to react to this article. When you were not allowed to react, then you wouldn't see the react form underneath this article.
Every access control list entry consists of three parts:
In short, using the terms we use internally:
A semantic network (and with that anyMeta) is in essence a directed graph, consisting of nodes and the connections between them. The nodes are articles, keywords, people, images etc. The connections give meaning, like identifying an author, a figure for an article etc.
When you want to change the text of a node, say the title of this article, then you need edit access. For deleting you need delete access.
The basic actions on a node are:
To add a connection between two nodes you need:
The link and linkto access is differentiated per predicate. So it might be possible that you are allowed to add a figure to a document, but are not allowed to add the same document to a blog as a blogposting.
In anyMeta we call a node a thing. As in “everything is a thing.”
Every node is associated with a content group, also named axo. The basic content groups we define during installation are:
To prevent that we have to make seperate access control entries for every single user we assign per user one of the limited list of requestor objects.
The requestor objects are placed in groups and for those groups we define the access control rules. The most important requestor objects we install are:
People work together, in their workplace, hobby, and nowadays also on websites. On those sites you have friends, colleagues and people you have never heard about. In anyMeta you can define who you know and who is your friend by linking to them from your person record. For the link you can use the predicates friend or knows.
In general I trust that the people I know will be careful with my belongings. From this general understanding of people knowing each other and because of that also trusting each other we derived the concept of trust permissions.
For every thing you own you can define if your friends can also edit it. Or can add links, or comments. Even if only your friends can see it.
You can give rights to more people than just your friends:
For security reasons it is not possible to give edit or link rights to anonymous visitors. You can only give react and view rights to visitors. Besides that you can not borrow rights to someone when you don't have the right yourself.
There is something funny with giving rights to others, especially when you consider the implications for the underlying access control mechanism. For example, it should be possible for an administrator to edit everything, regardless of the trust permissions.
When you look careful at the implementation of the trust permissions than you will see that (for performance reasons):
So when the ACL gives me edit permission, then you are not able to remove it from me using your trust permissions. On the other hand, when the ACL gives me view permission then you can hide it from me by using your trust permissions. To prevent editorial disasters we also know the super view right enabling the administrators to see everything from everyone.