aBlog supports six different authority levels.
|AUTHORITY LEVEL |
|Administrator (80)||Create blogs; create entry on any blog, comment on any blog, administer the system including editing and deleting blog entries/comments. (Admin functions not currently implemented.|
|Full User (60)||Create blogs, create entries on any blog, comment on any blog.|
|Limited User (40)||Create blogs, create entries on a blog on blogs then created, comment on any blog.|
|Visitor (20)||Comment on any blog.|
|Limited Visitor (10)||Read any blog.|
|Passerby (5)||Read any blog.|
|None (0)||No authority. The containing application should block this individual from even seeing the blogs.|
Originally, Limited Users could only create entries on blogs they created, but at the moment they have the same abilities it's the responsibility of the web application to determine who has posting privileges and set the blogAuthority status in the configuration object according. This should be corrected in future versions. We would recommend that applications assign the two authentication levels as if they worked correctly so ungrading in the future will be simpler.
(Originally the passerby status was created for people who could read, but not see the attribution, on postings. If the attribution feature is not used, Passerby and Limited Visitior are the same.)
If there are users who should not be able to even read the blog, they should be screened out by the web application.
Notice that aBlog uses the concept of blog owner is determining who is allowed to do what.