Contypes CMS targets simplicity and flexibility. You define the data model and the system has the engagement to handle it.
Users have Roles assigned. Roles have Users attached. We do not use Groups as a third construct, which would only make things more complicated.
Admins have the admin role assigned. Only Admins can view and edit Users and Roles. We do not use sub admin or partial admin or security admin roles, which would only make things more complicated.
The User list is available at menu path Administration > Users:
For creating a new user press button Add User.
For editing an existing user press the edit con on the right of the user record.
Expanding the Roles section allows the admin to add or remove roles to the user.
For deleting a user press the delete icon on the right of the user record.
The Role list is at Administration > Roles respectively:
For creating a new role press button Add Role.
For editing an existing role press the edit con on the right of the role record.
Expanding the Claims section allows the admin to add or remove claims to the role. Claims reflect the rights to read and/or modify specific content types (Content types are explained later in this document).
Expanding the Assigned Users section allows the admin to add users to role (the same as assigning roles to uses as explained earlier, but from the viewpoint of a role).
For deleting a user press the delete icon on the right of the role record.
New user registration and user login are self-explaining:
The logged-in user has multiple options to handle his profile:
Logout has an immediate effect. The other options require a form edit of am action confirmation:
The Password Reset actions sends a link to the user's email, which he can use to reset his forgotten password.
The user authentication is realized with JWT tokens, not cookies. The user sessions are stored in the browser memory and are lost upon closing the browser (a password retype is required next time).
The JWT tokens system has 2 main settings:
The privacy protection policy definition is a responsibility of the owner of the site, on which the Contypes CMS would be installed. There is no privacy policy defined in the blank distributive.
You, as a site owner, must ensure site compliace with the privacy data protection regulations like the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and all others, depending on the area of operation of your site.
You have to specify the privacy policy by editing the HTML page "Privacy Policy" (page editing is explained later in this document) or by providing a new document at your discretion.
When visiting the site for the first time the user sees the Accept Cookies popup, which allows him to either accept all cookies or press the More Options button, which will open more detailed selection options.
Storing cookies in the client computer follows good practices and general regulations, rather appliying a conservative restrictive approach, hence:
The base application implementation provides for handling only technical cookies and analytics cookies. Injecting other types of cookies would require a minor functionality extension.
The cookie acceptance panel pops up for the visitor if he has not yet decided for his cookie preferences. Ones the cookie preferences are saved, the visitor can any time later go to the Cookies page and press the Decline Cookies button, which will reset the cookie rules for that visitor and navigate to the initial Accept Cookies screen, where the cookie preserence setting start over.
Content Types are the data fundament.
Content Types have Characteristics, which can be dynamically added or removed.
Contents belong to Content Types. The Content record has the characteristics of its Content Type.
Admins can add/update/delete Content Types.
Admins can add/update/delete Characteristics.
Admins or authorized users (through their Roles) can add/update/delete Contents.
The admins access the Content Types, Characteristics and Contents via the top menu Resources.
The users reach the content records grouped by Content Type (top menu Contents or the vertical left side menu). Only the links to Contents of the type, for which the visitor/user has access, are shown.
The visitors (not logged-in users) can see (not edit) only the contents, of which the COntent Types is marked as Public (see the section for access rights management later).
Content Types and Characteristics are managed by admins only.
The specific Content access depends on the "Role Claims" for the related content type, which are set by editing that role and setting read/write rights to different content types.
Apart from the dynamic contents you will probably need some simple static HTML pages. Here the page editor joins the game.
Static pages are public. Any visitor can access a static page via the menu item Pages.
Only admins can add/remove pages or edit pages with the help of the WYSIWYG editor.
