checked in last night. the changes are:

• user-rights are now (internally) bit-level encoded. this should make it much easier to create new predefined roles or even offer fine-grained user-rights (defined per user). thanks to hns for the eye-opener
• as a result, there's now a new role - "content manager" - that gives full rights on all contents (stories, comments, images, goodies), but is not allowed to edit weblog-preferences, members and skins. hope this works for you, kris.
• i tried to solve the membership-mess in antville (as discussed here and here), meaning: - i removed the possibility for admins to disable user-signup. - "signup" (which is now called "subscription") has - for now - just one benefit: the subscribed weblog is added to a list, which results in a page for every user containing these subscribed weblogs plus the ones the user is a member of (= contributor, content manager or admin). to give this more sense this "your subscriptions"-page also contains a list ordered by the last update (kind of a "personal" version of the weblog-list on antville.org). and maybe one day there will be a mail-notification-service in antville too ... - users are now also allowed to "unsubscribe" - users do not have to subscribe to a weblog anymore just to get a chance of becoming a contributor, contentmanager or admin, it's all up to admins now: search for existing user-accounts (by username), choose the appropriate account and define the role of this user. should make things clearer.

i also cleaned up the code a bit more, and as always i hope i didn't introduce any new bugs. since this was the last big change on database-level i think antville should now be quite safe for the long-awaited update (after a bit more testing of course). anyway, please comment on these changes and report any bugs you found.

(btw.: there's a new db-patch called antville_dbpatch20020109.sql - please apply before)

I haven't checked out the new version yet, but last time I looked at it (a few days ago), I did have the feeling that fine-grained permissions would be a desirable thing. For example, instead of having just a few "hard wired" roles like administrator, contributor, etc, I imagine being able to give users permissions for actual tasks, like being allowed to post on the weblog, post a story to the topic space, create a new topic, modify skins etc. I think with a set of checkboxes per user, this wouldn't be too hard to handle. What do you think?

i successfully updated my local antville installation and as far as i can say after a few first tests everything works perfectly. thanks, robert!

(I hope the Hop does IP/session checking).

maybe it is just me, but i think the content manager should be allowed to edit the prefs (at least sitename, tagline, etc) and the members (except he can't assign the full admin right).

the cm was thought of as a person who maintains every aspect the site except the design. disabling the access to the skins has two goal:

1. a cm without html-skills cannot accidently ruin the site
2. a skilled admin can set up antville sites with a given design and you pass the responsibility to a cm. (think weblogs in education or in an organisation, where you want a ci).