Subsections


A..12 Groups

The Groups Admin Tool is where you can manage the user groups and their permissions. To use this admin tool, you must have the edit_groups perm (A.12.10) active for your group.

WARNING: any user with permission to edit groups can give their group (and hence themselves) or any other group all other permissions. Be careful when giving this permission to other people.

To edit a group, first select the desired group fro mthe drop-down box then click the ``Get Group'' button. The fields below will be filled in with the appropriate data.

Group ID
is the name of the group. Since only site administrators should see the group names, there is no display name associated with a group.
Default New User Group
checkbox allows you to set which group new accounts are automatically placed into. By default, this is the group Users. Only one group can have this checkbox set; if you set it for a different group, it is unset on the group it marked before.
Group Description
is a description to remind the admin what the purpose of the group is, and what type of people should be in it.
Group Permissions
are a series of checkboxes, one for each individual permission available on the system. All but one determine whether or not a user can perform an action, and the majority are for administrative actions.

Permissions can be added or removed using the variable perms. Added permissions default to ``off'' for all groups; removing a permission from the variable does not remove it from a group; it must be deactivated for each group before removing it from the variable.


A..12.1 ad_admin

Determines whether or not a user can manage ads using the Advertising Admin Tool (A.15). This includes approving or rejecting submitted ads, changing ad properties, and creating new ad templates and example ads.

This should be reserved for administrators only.


A..12.2 allow_subscription

Determines whether or not a user is permitted to buy a subscription (4.13). Only regular users should have this permission, as buying a subscription changes the user group of the subscriber. Superusers and site editors should never have this permission.

User groups created for misbehaving users should also not have this permission because they can regain the privileges they lost simply by buying the minimum subscription.

This should be reserved for registered users only.


A..12.3 attach_poll

Determines whether or not a user can create a poll when creating a story. This permission depends on the perm story_post (A.12.35).

This may be given to any user group.


A..12.4 comment_delete

Determines whether or not a user can delete comments posted by other users. Deleting is the only comment editing available in Scoop.

This should be reserved for administrators only.


A..12.5 comment_post

Determines whether or not a user can post comments, subject to section permissions (A.9.2).

This is generally given to all groups, or to all groups except Anonymous.


A..12.6 comment_rate

Determines whether or not a user can assign a rating to comments posted by other users.

This is generally given to all registered accounts, and not Anonymous users. A restricted group without this permission can be created for people who abuse their rating privileges by consistently rating spam high or one person's comments low.


A..12.7 cron_admin

Determines whether or not a user can manage scheduled tasks using the Cron Admin Tool (A.14). This includes creating, activing, deactivating, and changing the frequency of the scheduled tasks.

This should be reserved for administrators only.


A..12.8 edit_blocks

Determines whether or not a user can edit Scoop's blocks, using the Blocks Admin Tool (A.7).

This should be reserved for administrators only.


A..12.9 edit_boxes

Determines whether or not a user can edit Scoop's boxes, using the Boxes Admin Tool (A.11). Users who can edit boxes can run arbitrary code on the Scoop server, since boxes can run any Scoop function as well as run system calls.

This should be reserved for trusted administrators only.


A..12.10 edit_groups

Determines whether or not a user can edit the user groups and their permissions using the Groups Admin Tool (A.12). Users who can edit groups can give themselves or others all permissions; read any warnings on other permissions to understand what the implications could be.

This should be reserved for trusted administrators only.


A..12.11 edit_hooks

Determines whether or not a user can edit Scoop's event-triggered functions, using the Hooks Admin Tool (A.18). This includes assigning an arbitrary Scoop function or box to run at any of the included events.

This should be reserved for administrators only.


A..12.12 edit_macros

Determines whether or not a user can manage Scoop's Macros, using the Macros Admin Tool (A.20). This includes giving all users access to specific Scoop boxes.

This should be reserved for administrators only.


A..12.13 edit_ops

Determines whether or not a user can manage Scoop's Ops, using the Ops Admin Tool (A.16). This includes assigning an arbitrary Scoop function or box to a URL path.

This should be reserved for administrators only.


A..12.14 edit_own_story

Determines whether or not a user can submit a story into the editing queue. This permission depends on the perms moderate (A.12.25) and story_post (A.12.35).

This should be reserved for registered users.


A..12.15 edit_polls

Determines whether or not a user can edit attached and unattached polls, using the New Poll Admin Tool and the edit links on each poll display. If the variable allow_ballot_stuffing is set, the user can also change the number of votes for each answer in the poll.

This should be reserved for administrators only.


A..12.16 edit_sections

Determines whether or not a user can edit the site's section structure and permissions. This includes creating subsection relationships and allowing or denying groups permission to read or post to sections.

This should be reserved for administrators only.


A..12.17 edit_special

Determines whether or not a user can edit the site's special pages, using the Special Pages Admin Tools (A.10).

This should be reserved for administrators only.


A..12.18 edit_topics

Determines whether or not a user can edit the topics and reassign topic icons. To add new topic icons, the user must have access to a server account that allows FTP, or Scoop's file uploads must be turned on, the admin upload area set to the topics subdirectory, and the user must have the upload_admin perm (A.12.41).

This should be reserved for administrators only.


A..12.19 edit_user

Determines whether or not a user can edit other users' preferences, user info, and user group. Users with this permission can change their group or other users' groups to the Superuser, giving them full permissions to the site; read any warnings on other permissions to understand what the implications could be.

This should be reserved for trusted administrators only.


A..12.20 edit_vars

Determines whether or not a user can edit site variables, using the Site Controls Admin Tool (A.6).

This should be reserved for administrators only.


A..12.21 editorial_comments

Determines whether or not a user can post editorial comments (suggestions for improvements) to a story in the queue. This permission depends on the permissions moderate (A.12.25) and comment_post (A.12.5).

This should be reserved for registered users.


A..12.22 hotlist

Determines whether or not a user can hotlist a favourite story.

This should be reserved for registered users. It makes no sense for anonymous users.


A..12.23 list_polls

Determines whether or not a user can use the Poll List Admin Tool (A.5) or see attached polls even if the stories they're attached to are hidden.

This should be reserved for administrators.


A..12.24 make_new_accounts

Determines whether or not a user can create new accounts while still logged in. This is mainly useful when setting up a new site or creating accounts on behalf of other people.

This should be reserved for the site administrator only.


A..12.25 moderate

Determines whether or not a user can view and vote on stories in the voting or editing queues.

This should be reserved for registered users.


A..12.26 poll_post_comments

Determines whether or not a user can post comments to a non-attached poll.

This is generally given to all groups, or all groups except Anonymous.


A..12.27 poll_read_comments

Determines whether or not a user can read comments associated with a non-attached poll.

This may be given to all groups.


A..12.28 poll_vote

Determines whether or not a user can vote in any poll. Each registered user can vote only once, and if the Anonymous group is permitted to vote, each IP address of an anonymous visitor can vote only once.

This is generally given to all groups, or all groups except Anonymous.


A..12.29 rdf_admin

Determines whether or not a user can administer external RDF feeds using the RDF Admin Tool (A.13), including approving or rejecting user submissions, and adding, activating, and deactivating feeds.

This should be reserved for administrators.


A..12.30 show_hidden_sections

Determines whether or not a user can see sections that would otherwise be hidden using the section permissions.

This should be reserved for administrators.


A..12.31 story_admin

Determines whether or not a user can administer stories, using the New Story Admin Tool (A.1) and the edit links on every story. This includes changing display and comment status, editing all text, and editing the poll.

This should be reserved for administrators.


A..12.32 story_commentstatus_select

Determines whether or not a user has the ability to enable or disable comment posting on a given story when posting that story through the normal story submission form. If all stories should have comments either enabled or disabled, the site control default_commentstatus should be used instead.

Regardless of the setting of this perm, users with the story_admin perm (A.12.31) have the ability to change a story's comment status when editing a story.


A..12.33 story_displaystatus_select

Determines whether or not a user has the ability to select the display status on a given story when posting that story through the normal story submission form. If all stories should go through the voting queue, this perm should not be given out. If certain groups should be able to by-pass the voting queue in specific sections, section permissions (4.16.3, A.9) should be used instead.

Regardless of the setting of this perm, users with the story_admin perm (A.12.31) have the ability to change a story's display status when editing a story.


A..12.34 story_list

Determines whether or not a user can list all stories, including those hidden from view, using the Story List Admin Tool (A.2). This includes editing the story if the user also has the story_admin permission (A.12.31), and deleting the story.

This should be reserved for administrators.


A..12.35 story_post

Determines whether or not a user can post a story or diary, subject to section permissions (A.9.2).

This is usually reserved for registered users, but some sites may choose to allow the Anonymous group to post stories as well.


A..12.36 suballow_group_change

Determines whether or not Scoop can automatically change a user's group when a subscription is paid for. If a group has the perm allow_subscription (A.12.2) but not this perm, the administrator will be emailed to manually change the subscriber's group when he pays for his subscription.

This should never be given to Superusers, just to prevent accidents while testing your site's subscription setup. This is otherwise usually reserved for registered users.


A..12.37 submit_ad

Determines whether or not a user can submit an ad for administrator review. This depends on the advertising functionality being active.

This is usually reserved for registered users.


A..12.38 submit_rdf

Determines whether or not a user can submit an external RDF feed for administrator review. This depends on the RDF functionality being active.

This is usually reserved for registered users.


A..12.39 subscription_admin

Determines whether or not a user can create and manage subscription types through the Subscriptions Admin Tool (A.17).

This should be reserved for administrators only.


A..12.40 super_mojo

Overrides mojo calculations for this user, and always gives the user the privileges and responsibilities that come with being a trusted user (4.10).

This should be reserved for administrators.


A..12.41 upload_admin

Determines whether or not a user may upload and manage files in the shared ``admin'' area, including renaming and deleting files, if the variable allow_uploads is turned on.

This should be reserved for administrators.


A..12.42 upload_content

Determines whether or not a user may upload a text file into the extended copy of a story submission (depends on the perm story_post (A.12.35)) or into the content field of a special page (depends on the perm edit_special (A.12.17)).

This may be given to any user group.


A..12.43 upload_user

Determines whether or not a user may upload and manage files in his personal upload space, including renaming and deleting files, if the variable allow_uploads is turned on. This is subject to the variable upload_user_quota.

This should be reserved for registered users.


A..12.44 use_spellcheck

Determines whether or not a user has access to Scoop's spellchecking functionality. Requires the variable spellcheck_enabled and the Aspell perl module (see section 2.1.3).

This may be given to any user group.


A..12.45 view_comment_ip

Determines whether or not a user can see the IP address a comment was posted from.

This may be given to any user group.


A..12.46 view_log

Determines whether or not a user can see the logs generated by Scoop's internal logging facility, which logs actions performed by users and administrators, using the Log Admin Tool (A.19).

This should be reserved for administrators.


A..12.47 view_polls

Determines whether or not a user can see the voting results of a poll.

This may be given to any user group.


janra
2004-03-26