The Evado app controls access to resources with a role-based access control (RBAC) system. This lets you configure convenient and flexible restriction rules.
Permissions in the RBAC system describe what can be done in the app. For example, Create article, Create user, Delete comment and so on.
Roles group permissions together. For example, the Author role has permissions to Create article and Edit article, and the Moderator role has permission to Delete comment.
Assignments bind roles to users. For example, if the user Adam is assigned the Author role, then Adam will be able to do what Author is allowed to do (create and edit articles).
Go to the Administration module and select the Security item in the side menu. Then select the Roles item. By default, the app has two roles. The Admin role has full access to app functionality. The Guest role does not have any permissions and is assigned automatically to unauthenticated users.
The blog requires additional roles. The Writer role allows a user to create and manage their own articles and photos. The Editor role allows a user to manage all Office data.
Create a Writer role. Add the Office module permissions to access Office and Upload files. Go to the Meta permissions menu item and create a permission to manage your own articles and photos.
The Allow type permits an action. The Deny type prohibits an action. For example, Allow to create or Deny to create. The Targets field defines the metadata that the permission affects.
A rule determines whether the permission applies. It is evaluated at the time access to the target is requested. The Meta author rule checks whether the user is the creator of the object they are trying to access. Without this rule, a user with the Writer role would have full access to any article.
Create an Editor role. Add the Office module permission to access Office and the Upload files permission. Go to the Meta permissions menu item. Open the full access permission to Office data and add the Editor role to it.
Go to the Users item of the side menu. Create a Walter user and add the Writer role to him. Create an Edward user and add the Editor role to him. Check the Verified box to mark the email address as verified and allow the user to work in the system. Now you can log in as a new user and check the assigned roles in action.
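The setup above can be modelled in a few lines to see what the Meta author rule actually protects. This is an added example, not Evado's own code: every name in it (rules, permissions, roles, can) is hypothetical, and the choice that Deny overrides Allow is an assumption of the sketch.

```javascript
// Simplified model of the concepts above; not Evado's implementation.
// Every name here (rules, permissions, roles, can) is hypothetical.
const ALL = ['create', 'read', 'update', 'delete'];

// A rule is evaluated when access to a concrete object is requested.
const rules = {
  metaAuthor: (user, object) => Boolean(object) && object.creator === user,
};

// Permission = type + actions + targets (metadata classes) + optional rule.
const permissions = {
  createContent: { type: 'allow', actions: ['create'], targets: ['article', 'photo'] },
  manageOwn: { type: 'allow', actions: ['read', 'update', 'delete'],
    targets: ['article', 'photo'], rule: 'metaAuthor' },
  fullAccess: { type: 'allow', actions: ALL, targets: ['article', 'photo'] },
};

// Roles group permissions; assignments bind roles to users.
const roles = { guest: [], writer: ['createContent', 'manageOwn'], editor: ['fullAccess'] };
const assignments = { Walter: ['writer'], Edward: ['editor'] };

function can(user, action, target, object, perms = permissions) {
  const roleNames = assignments[user] || ['guest']; // unauthenticated -> guest
  let allowed = false;
  for (const id of roleNames.flatMap((name) => roles[name])) {
    const p = perms[id];
    if (!p.actions.includes(action) || !p.targets.includes(target)) continue;
    if (p.rule && !rules[p.rule](user, object)) continue; // rule not satisfied
    if (p.type === 'deny') return false; // assumption: deny overrides allow
    allowed = true;
  }
  return allowed;
}

// Constructed sample objects.
const waltersArticle = { creator: 'Walter' };
const edwardsArticle = { creator: 'Edward' };

// The Writer permission with its rule removed, to show what the rule prevents.
const noRule = { ...permissions, manageOwn: { ...permissions.manageOwn, rule: null } };

console.log(can('Walter', 'update', 'article', waltersArticle)); // own article
console.log(can('Walter', 'update', 'article', edwardsArticle)); // someone else's
console.log(can('Walter', 'update', 'article', edwardsArticle, noRule)); // rule removed
console.log(can('Edward', 'delete', 'article', waltersArticle)); // editor
```

When reviewing a real configuration, the third call is the case to test for: log in as a Writer and confirm that another user's article cannot be edited.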