users : Managing the users of your Lino site¶
The lino.modlib.users plugin is installed in almost every Lino
application.
What it does¶
The users plugin
defines the database model for storing user accounts.
adds ways for signing in and out at different places,
adds the menu command to View all user accounts,
adds concepts like User types and user roles, permissions, user preferences, authorities.
View all user accounts¶
As a site manager you can add new users and edit existing users via the menu command.
The detail of a user account¶
This window opens when you click on My preferences or when you double-click on a row in the data window.
For a description of the fields, see lino.modlib.users.User.
User accounts¶
A site manager is a privileged site user who is responsible for managing the list of user accounts on a given Lino site.
A site manager never needs to specify the current password when setting a new password for any user account.
A site manager can optionally specify a date when a user started or stopped to be active.
End users can change their password themselves: How to change your password.
User types and user roles¶
You can see the user types available on your Lino site via . Here is a typical list of user types:
value |
name |
text |
000 |
anonymous |
Anonymous |
100 |
user |
User |
900 |
admin |
Administrator |
Another menu command might be interesting: . This table shows the user roles defined on your site and for each user type whether it has a role or not. Lino consults this table when deciding whether to give permission (or not) to see certain menu commands.
Name |
000 |
100 |
900 |
comments.CommentsStaff |
☑ |
||
comments.CommentsUser |
☑ |
☑ |
|
contacts.ContactsStaff |
☑ |
||
contacts.ContactsUser |
☑ |
☑ |
|
excerpts.ExcerptsStaff |
☑ |
||
excerpts.ExcerptsUser |
☑ |
☑ |
|
office.OfficeStaff |
☑ |
||
office.OfficeUser |
☑ |
☑ |
|
xl.SiteAdmin |
☑ |
||
xl.SiteUser |
☑ |
These tables are maintained by the application developer. You cannot edit them. They are interesting for end users who want to understand what every user type does. If you think that something is wrong with the user permissions on your site, then talk about it with your site expert.
Acting as another user¶
calendar entries for a social agent can be made by a reception clerk
One user creating a comment while working as another user
Authorities are the permission to act as another user
Online registration¶
Your Lino site may have social authentication channels enabled.
TODO: write more explanations.
Third party authentication¶
The third_party_authentication feature can be enabled by the site
maintainer. When this is enabled, you must also create “applications” on some
third-party auth provider (Google, Facebook).
Glossary¶
This documentation page introduces the following concepts.
- user account¶
A database row with information about a given site user.
- user preferences¶
The database fields of a user account that can be edited by the user themself.
For a description of user preferences, see
lino.modlib.users.User.- My preferences¶
A quick link and an entry in the user menu that opens a detail window where you can edit your own user preferences.
- user type¶
The type of a user account, which defines the user’s permissions permissions. See User types and user roles.
- user role¶
A role within the application that can be assigned to a given user type. User roles are the atomic units for handling user permissions in Lino.
- user permissions¶
The set of functionalities and data to which a given site user has access.
The fact that one user gives another user the right to “represent” them, i.e. to act in their name.
- online registration¶
A feature of a Lino site that allows new end users to register online, i.e. to create a user account without (or with little) interaction of the site manager. See Online registration.
- sign in¶
The action of telling a Lino site who you are. See Authentication.
Authentication¶
Authentication is the process that happens when an end user signs in. It includes:
Ask for user credentials (username and password)
Look up the user account from the database.
Verify whether password is valid
Optionally use other authentication methods
Store the
users.Userinstance in theSessioninstance.