存取控制

Weblate comes with a fine-grained privilege system to assign user permissions for the whole instance with predefined roles, or by assigning one or more groups of permissions to users for everything, or individual projects, components, glossaries, and so on.

專案存取控制

備註

在託管的 Weblate 上使用免費 Libre 方案的專案都會被設定為 公開 的。如果你想限制對你專案的存取,可以切換到付費方案。

Limit user access to individual projects by selecting a different 存取控制 setting. The available options are:

Public

任何人都看得到。

任何通過身份驗證的使用者都可以貢獻。

所有人都可能可以存取VCS 儲存庫。

選擇這是開源專案,或是 Weblate 站台是私有或是鎖定。

Protected

任何人都看得到。

只有選定的使用者可以貢獻。

只有選定的使用者可以存取 VCS 儲存庫。

** 選擇這個增加可見度,但你仍能控制誰來貢獻。**

Private

只有選定的使用者看得到。

只有選定的使用者可以貢獻。

只有選定的使用者可以存取 VCS 儲存庫。

對於根本不應該公開曝光的專案選擇此選項。

Custom

只有選定的使用者看得到。

只有選定的使用者可以貢獻。

只有選定的使用者可以存取 VCS 儲存庫。

在託管的 Weblate 上無法使用。

你必須使用 全站存取控制 設定所有權限。

如果您想以一種特定的、精細定制的通道定義訪問,請在你自己的Weblate實例上選擇這個。

可以在每個專案的組態(:guilabel:`Manage↓:guilabel:`Settings)的:guilabel:`Access`選項卡中更改存取控制。

../_images/project-access.webp

The default can also be changed by setting DEFAULT_ACCESS_CONTROL.

備註

Even Private project statistics are counted into the site-wide statistics and language summary. This does not reveal project names or any other info.

備註

Instance administrators can modify the default permission sets available to users in Public, Protected, and Private projects by using custom settings.

也參考

存取控制

管理單一專案的存取控制

於`公開`、`保護`與`隱私`專案:

Granting users Manage project access (see 特權列表) allows them to assign other users in Public, Protected and Private (but not Custom) projects via adding them to teams.

These are the default teams provided with Weblate; teams can be added or modified by users with sufficient privileges:

管理

All available permissions for the project.

檢閱

Approve translations in a review.

僅當啟用 review workflow 時才可用。

只限‘受保護’及‘私有’專案:

翻譯

Translate the project and upload translations made offline.

原文

Edit source strings (if allowed in the project settings) and source-string info.

語言

Manage translated languages (add or remove translations).

詞彙表

Manage glossary (add, remove, and upload entries).

記憶

管理翻譯記憶。

螢幕擷圖

Manage screenshots (add, remove, and associate them to source strings).

自動翻譯

可以使用自動翻譯。

VCS

Manage VCS and access the exported repository.

帳單

Access billing info and settings (see 帳單).

../_images/manage-users.webp

These features are available on the Access control page in the project’s menu ManageUsers.

提示

You can limit teams to languages or components, and assign them designated access roles (see 特權列表).

團隊管理員

在 4.15 版被加入.

每一團隊可以擁有團隊的管理員,他可以新增或移除團隊中的成員。對於想要建立自治的團隊是很有用的。

邀請新使用者

新增現有使用者將向他們發送確認邀請。透過 REGISTRATION_OPEN,管理員還可以使用電子郵件邀請新使用者。受邀的使用者必須完成註冊程序才能存取該專案。

不需要具有任何站點範圍的權限,就可以這麼做,專案級別的存取管理權限 (如,Administration 組成員資格) 就足夠了。

提示

如果受邀的使用者錯過了邀請的有效期,則必須建立新的邀請。

同樣的邀請函數可以從 管理界面 :guilabel:`使用者`標籤。

在 5.0 版的變更: Weblate 現在不會自動建立帳戶或將使用者新增至團隊。這只會在使用者確認後完成。

禁用使用者

在 4.7 版被加入.

If users misbehave in your project, you can block them from contributing. With the relevant permissions blocked, users can still see the project, but won’t be able to contribute.

單一專案權限管理

You can set your projects to Protected or Private (see 專案存取控制), and manage users access per-project.

預設情況下,這可以防止 Weblate 授權 UsersViewers 提供 default teams 由於這些團隊所擁有的設定。這不會阻止您透過更改預設團隊,為預設團隊建立新的一個專案,或者為以下單個元件建立其他自定義設定,或者如 全站存取控制 所描述。

其中一個透過 Weblate 使用者介面管理權限的主要好處是,您可以將其委派給其他使用者,而不需要給予他們超級使用者權限。為了這樣做,請將他們加入專案的 Administration 團隊。

全站存取控制

備註

此功能在託管的 Weblate 上不可用。

The permission system is based on roles defining a set of permissions, and teams linking roles to users and translations, read 使用者,角色,團隊與權限 for more details.

The most powerful features of the Weblate’s access control system can be configured in the 管理介面. You can use it to manage permissions of any project. You don’t necessarily have to switch it to Custom access control to utilize it. However you must have superuser privileges in order to use it.

如果您對實現的詳細資訊不感興趣,並且只想根據預設值建立一個簡單的組態,或者沒有對整個 Weblate 安裝的站點廣泛存取(如 託管的 Weblate),請參閱 管理單一專案的存取控制

網站範圍內的權限管理

要一次管理整個執行個體的權限,請將使用者新增到合適的 default teams:

  • 使用者 (預設完成於經由 automatic team assignment)。

  • `審稿人員(如果您使用的是:ref:“評論工作流程<評論>”與專用評論者)。

  • “經理”(如果您想將大多數管理操作委派給其他人)。

您應該使所有專案設定為 公開`(請參見 :ref:`acl),否則網站層級的權限將對 使用者檢閱者 不會有任何影響。

您還可以賦予您所選擇的一些額外權限到預設群組。例如,您可能希望允許管理所有 使用者 的螢幕截圖。

您也可以定義一些新的自定義團隊。如果您想繼續管理這些團隊的網站範圍內的權限,請選擇適當的 Project selection (如 All projectsAll public projects )。

為語言、元件或專案自訂權限

您可以建立自己的專用團隊來管理不同對象(如語言,元件和專案)的權限。您不能透過新增一組自定義的團隊來撤銷任何來自全站設定的權限或某一團隊的權限,即使這些團隊只能授予額外的權限。

示例:

Restricting translation to Czech to a selected set of translators, (while keeping translations to other languages public):

  1. Remove the permission to translate Czech from all users. In the default configuration this can be done by altering the Users default team.

    群組 使用者

    語言選取

    如定義

    語言

    捷克語 以外

  1. 捷克語 翻譯新增專門組別。

    捷克語 翻譯群組

    角色

    超級使用者

    專案選取

    所有公開專案

    語言選取

    如定義

    語言

    捷克語

  1. 新增團隊中您希望賦予權限的使用者。

Management permissions this way is powerful, but can be quite a tedious job. You can only delegate it to other users by granting them Superuser status.

使用者,角色,團隊與權限

身份驗證模型包括幾個對象:

許可

Individual permission defined by Weblate. Permissions cannot be assigned to users, only through assignment of roles.

角色

A role defines a set of permissions (and can be reused in several places).

使用者

A user can belong to several teams.

群組

Groups connect roles and users with authentication objects (projects, languages, components, and component lists).

graph auth { "User" -- "Group"; "Group" -- "Role"; "Role" -- "Permission"; "Group" -- "Project"; "Group" -- "Language"; "Group" -- "Components"; "Group" -- "Component list"; }

備註

一個團隊可以沒有分配角色,在這種情況下,假設任何人能存取專案(見下文)。

Project-browsing access

使用者必須為團隊成員並團隊連結到專案或任何元件的成員。擁有成員身份就足夠了,瀏覽專案不需要特定的權限(這被用於預設的 檢視者 小組,見 default-groups )。

Component-browsing access

Granting browsing access to a user in one project gives it access to any component with derived browsing permissions. With 受限制的存取 on, access to components (or component lists) are granted explicitly.

團隊範圍

The scope of the permission assigned by the roles in the teams are applied by the following rules:

  • 如果團隊指定任何 Component list,所有在團隊已賦予到成員的權限也將賦權在團隊裡元件列表中的所有元件。若無額外指定的權限在所有的專案,這些元件在 ComponentsProjects 會被忽略。

    使用龐大的組件列表可能會對效能產生影響,請考慮透過專案提供存取權限。

  • 如果該團隊指定任何元件,則為將該團隊的成員提供給團隊的所有元件,對於該團隊的所有元件授予所有權限,並且對於這些元件的所有專案授予沒有額外權限的存取權限。專案被忽略。

  • 否則,如果團隊指定了任何 Projects,無論是直接列出它們還是將 Projects selection 設定為類似 All public projects 的值,所有這些權限都套用於所有專案,這實際上授予了存取所有專案的相同權限 unrestricted components

  • The restrictions imposed by a team’s Languages are applied separately, when it’s verified if a user has an access to perform certain actions. Namely, it’s applied only to actions directly related to the translation process itself like reviewing, saving translations, adding suggestions, etc.

提示

使用 Language selectionProject selection 來自動包括所有語言或專案。

示例:

A project foo with the components: foo/bar and foo/baz, with reviewing and management rights, in the following team:

群組 西班牙語管理審查員

角色

審核字串, 管理儲存庫

組件

foo/bar

語言

西班牙語

Members of that team will have these permissions (assuming the default role settings):

  • 一般(瀏覽)存取整個專案``foo``,包括它的兩個元件:foo / bar``和``foo / baz

  • 審核字串 foo/bar 在西班牙語翻譯中(不在其他地方)。

  • 管理整個```foo / bar``jociticory的VCS。送交待定的翻譯人員對所有語言進行的更改。

自動團隊分派

While editing the Team, you can specify Automatic assignments, which is a list of regular expressions used to automatically assign newly created users to a team based on their e-mail addresses. This assignment only happens upon account creation.

該功能最常見的用例是將所有新使用者指派給某個預設團隊。此行為用於預設的 UsersGuest 團隊(請參閱 團隊列表)。使用常規表達式 ^.*$ 來匹配所有使用者。

Another use-case for this option might be to give some additional privileges to employees of your company by default. Assuming all of them use corporate e-mail addresses on your domain, this can be accomplished with an expression like ^.*@mycompany.com.

備註

從一個 Weblate 版本升級到另一個版本時,總是會重新建立對 UsersViewers 的使用者團隊指派。如果您想關閉它,將常規表達式設定為 ``^$``(不比對任何內容)。

備註

直到現在,無法透過使用者介面向某些團隊批次新增已現有使用者。為此,您可以使用以下方法 REST API

預設團隊和角色

安裝後,將建立一組預設的團隊(請參閱 團隊列表)。

這些角色和團隊是在安裝時建立的。升級時,內建角色總是透過資料庫遷移以保持最新。你實際上無法變更它們,如果你想定義自己的權限集,請定義一個新角色。

特權列表

範圍

權限

內建角色

帳單(參閱 帳單

檢視帳單資訊

Administration, Billing

更動

下載更動處

Administration

評註

張貼評註

Administration, Edit source, Power user, Review strings, Translate

刪除評註

Administration

解決評註

Administration, Review strings

組件

編輯組件設定

Administration

鎖定組件,防止翻譯

Administration, Manage repository

詞彙表

增加詞彙表條目

Administration, Manage glossary, Power user

增加詞彙表專有名詞

Administration, Manage glossary, Power user

編輯詞彙表條目

Administration, Manage glossary, Power user

刪除詞彙表條目

Administration, Manage glossary, Power user

上傳詞彙表條目

Administration, Manage glossary, Power user

自動建議

使用自動建議

Administration, Edit source, Power user, Review strings, Translate

翻譯記憶

編輯翻譯記憶

Administration, Manage translation memory

刪除翻譯記憶

Administration, Manage translation memory

專案

編輯專案設定

Administration

管理專案存取權

Administration

回報

下載報表

Administration

螢幕擷圖

加入畫面快照

Administration, Manage screenshots

編輯畫面快照

Administration, Manage screenshots

刪除畫面快照

Administration, Manage screenshots

來源字串

編輯額外字串資訊

Administration, Edit source

字串

新增新字串

Administration

移除字串

Administration

略過未通過查核

Administration, Edit source, Power user, Review strings, Translate

編輯字串

Administration, Edit source, Power user, Review strings, Translate

檢閱字串

Administration, Review strings

當施行建議時編輯字串

Administration, Review strings

編輯來源字串

Administration, Edit source, Power user

建議

接受建議

Administration, Edit source, Power user, Review strings, Translate

新增建議

Administration, Edit source, Add suggestion, Power user, Review strings, Translate

刪除建議

Administration, Power user

建議的投票

Administration, Edit source, Power user, Review strings, Translate

翻譯

加入新語言的翻譯

Administration, Power user, Manage languages

執行自動翻譯

Administration, Automatic translation

刪除既有的翻譯

Administration, Manage languages

下載翻譯檔案

Administration, Edit source, Access repository, Power user, Review strings, Translate, Manage languages

加入多種新語言的翻譯

Administration, Manage languages

上傳

定義上傳翻譯的作者

Administration

以上傳內容覆蓋現在的翻譯

Administration, Edit source, Power user, Review strings, Translate

上傳翻譯

Administration, Edit source, Power user, Review strings, Translate

VCS

存取內部儲存庫

Administration, Access repository, Power user, Manage repository

將變更送交到內部儲存庫

Administration, Manage repository

從內部儲存庫推送變更

Administration, Manage repository

重設內部儲存庫中的變更

Administration, Manage repository

檢視上游儲存庫的位置

Administration, Access repository, Power user, Manage repository

更新內部儲存庫

Administration, Manage repository

全網站範圍的特權

使用管理介面

加入新的專案

Add new projects

加入語言定義

管理語言定義

管理團隊

管理使用者

管理角色

管理公告

管理翻譯記憶

管理機器翻譯

管理組件列表

管理付款

管理網站端的附加元件

備註

Site-wide privileges are not granted to any default role. These are powerful and quite close to the Superuser status. Most of them affect all projects in your Weblate installation.

內建角色列表

Administration

View billing info, Download changes, Post comment, Delete comment, Resolve comment, Edit component settings, Lock component, preventing translations, Add glossary entry, Delete glossary entry, Edit glossary entry, Add glossary terminology, Upload glossary entries, Use automatic suggestions, Delete translation memory, Edit translation memory, Edit project settings, Manage project access, Download reports, Add screenshot, Delete screenshot, Edit screenshot, Edit additional string info, Accept suggestion, Add suggestion, Delete suggestion, Vote on suggestion, Add language for translation, Add several languages for translation, Perform automatic translation, Delete existing translation, Download translation file, Add new string, Dismiss failing check, Remove a string, Edit strings, Edit string when suggestions are enforced, Review strings, Edit source strings, Define author of uploaded translation, Overwrite existing strings with upload, Upload translations, Access the internal repository, Commit changes to the internal repository, Push change from the internal repository, Reset changes in the internal repository, Update the internal repository, View upstream repository location

編輯來源

Post comment, Use automatic suggestions, Edit additional string info, Accept suggestion, Add suggestion, Vote on suggestion, Download translation file, Dismiss failing check, Edit strings, Edit source strings, Overwrite existing strings with upload, Upload translations

Add suggestion

Add suggestion

Access repository

Download translation file, Access the internal repository, View upstream repository location

Manage glossary

Add glossary entry, Delete glossary entry, Edit glossary entry, Add glossary terminology, Upload glossary entries

Power user

Post comment, Add glossary entry, Delete glossary entry, Edit glossary entry, Upload glossary entries, Use automatic suggestions, Accept suggestion, Add suggestion, Delete suggestion, Vote on suggestion, Add language for translation, Download translation file, Dismiss failing check, Edit strings, Edit source strings, Overwrite existing strings with upload, Upload translations, Access the internal repository, View upstream repository location

Review strings

Post comment, Resolve comment, Use automatic suggestions, Accept suggestion, Add suggestion, Vote on suggestion, Download translation file, Dismiss failing check, Edit strings, Edit string when suggestions are enforced, Review strings, Overwrite existing strings with upload, Upload translations

Translate

Post comment, Use automatic suggestions, Accept suggestion, Add suggestion, Vote on suggestion, Download translation file, Dismiss failing check, Edit strings, Overwrite existing strings with upload, Upload translations

Manage languages

Add language for translation, Add several languages for translation, Delete existing translation, Download translation file

Automatic translation

Perform automatic translation

Manage translation memory

Delete translation memory, Edit translation memory

Manage screenshots

Add screenshot, Delete screenshot, Edit screenshot

Manage repository

Lock component, preventing translations, Access the internal repository, Commit changes to the internal repository, Push change from the internal repository, Reset changes in the internal repository, Update the internal repository, View upstream repository location

Billing

View billing info

Add new projects

Add new projects

團隊列表

The following teams are created upon installation (or after executing setupgroups) and you are free to modify them. The migration will, however, re-create them if you delete or rename them.

訪客

定義未經身份驗證的使用者權限。

這個團隊只包括匿名使用者(請參見 ANONYMOUS_USER_NAME)。

Remove roles from this team to limit permissions for non-authenticated users.

預設角色: Add suggestion, Access repository

審查員

This role ensures the visibility of public projects to all users. By default, all users are members of this team.

By default, automatic team assignment makes all new accounts members of this team when they join.

預設角色:無

使用者

Default team for all users.

By default, automatic team assignment makes all new accounts members of this team when they join.

預設角色: Power user

審核員

審核員專用的群組(參閱 翻譯工作流 )。

預設角色:審核字串

管理員

管理員專用群組。

預設角色: 管理權限

Project creators

在 5.1 版被加入.

Users who can create new projects.

Default roles: Add new projects

警告

Never remove the predefined Weblate teams and users, as that can lead to unexpected problems! If you have no use for them, simply remove all their privileges instead.

Additional access restrictions

If you want to use your Weblate installation in a less public manner, i.e. allow new users on an invitational basis only, it can be done by configuring Weblate in such a way that only known users have an access to it. In order to do so, you can set REGISTRATION_OPEN to False to prevent registrations of any new users, and set REQUIRE_LOGIN to /.* to require signing in to access all the site pages. This is basically the way to lock your Weblate installation.

提示

您可以使用內建的 :ref:`invite-user`新增使用者。