Controlling and limiting access to the nodes

Quanta provides 4 main permissions for nodes:

Node View - given a node, defines who can view it
Node Edit 
- given a node, defines who can edit it
Node Add - given a node, defines who can add another (new) node inside it
Node Delete 
- given a node, defines who can delete it

Since everything in Quanta is a node (folder) this should be enough to suit most needs for a standard websites.

We are however planning to extend permissions, in order to have permissions as nodes.

The good news, is that in Quanta you can create custom roles.

By default, you will have those pre-installed roles (see your system document root):

📂  _roles
  • 📁  logged
    • 📁  anonymous
      • 📁  admin

        Roles are nodes / folders in Quanta, just like everything else. So you will be able to add new roles as you wish, by just creating a new node inside the _roles folder.

        The quickest way to do so, is to copy-paste an existing role (i.e. administrator) and change values in its data.json file.

        After a new role is created, it will be available for the above default permissions.

        By default, there is no pre-selected role for a node's permission, and the default choice is "Inherit".

        "Inherit" means that the node's permissions will be inherited from the node's father.

        So given this structure:

        📂  example_data
        • 📂  misc
          • 📁  count_site_visitors
          • 📁  helloworld
            • 📂  animals
              • 📁  duck
                • 📂  dog
                  • 📁  labrador
                    • 📁  beagle
                    • 📂  cat
                      • 📁  maine-coon
                    • 📁  lorem-ipsum
                      • 📁  grid-test
                        • 📂  fruits
                          • 📁  orange
                            • 📁  banana
                              • 📁  apple

                              Setting apple's permissions to "inherit", apple will inherit permissions from fruits.

                              If fruits's permission is also "inherit", apple will inherit permissions from example_data.

                              If (as in the example) the root folder has "inherit" permissions, all permissions will be set to administrator by default.

                              Quite simple, isn't it?

                              We intentionally chose to reduce the permissions to just those basic ones. Should you have a need for another permission (i.e. "who can upload files to nodes?"), you can always use hooks and gain full control over all possible and imaginable actions...