存取控制¶
Weblate comes with a fine-grained privilege system to assign user permissions for the whole instance with predefined roles, or by assigning one or more groups of permissions to users for everything, or individual projects, components, glossaries, and so on.
專案存取控制¶
備註
在託管的 Weblate 上使用免費 Libre 方案的專案都會被設定為 公開 的。如果你想限制對你專案的存取,可以切換到付費方案。
Limit user access to individual projects by selecting a different 存取控制 setting. The available options are:
- Public
任何人都看得到。
任何通過身份驗證的使用者都可以貢獻。
所有人都可能可以存取VCS 儲存庫。
選擇這是開源專案,或是 Weblate 站台是私有或是鎖定。
- Protected
任何人都看得到。
只有選定的使用者可以貢獻。
只有選定的使用者可以存取 VCS 儲存庫。
** 選擇這個增加可見度,但你仍能控制誰來貢獻。**
- Private
只有選定的使用者看得到。
只有選定的使用者可以貢獻。
只有選定的使用者可以存取 VCS 儲存庫。
對於根本不應該公開曝光的專案選擇此選項。
- Custom
只有選定的使用者看得到。
只有選定的使用者可以貢獻。
只有選定的使用者可以存取 VCS 儲存庫。
在託管的 Weblate 上無法使用。
你必須使用 全站存取控制 設定所有權限。
如果您想以一種特定的、精細定制的通道定義訪問,請在你自己的Weblate實例上選擇這個。
可以在每個專案的組態(:guilabel:`Manage↓:guilabel:`Settings)的:guilabel:`Access`選項卡中更改存取控制。
The default can also be changed by setting DEFAULT_ACCESS_CONTROL
.
備註
Even Private project statistics are counted into the site-wide statistics and language summary. This does not reveal project names or any other info.
備註
Instance administrators can modify the default permission sets available to users in Public, Protected, and Private projects by using custom settings.
也參考
管理單一專案的存取控制¶
於`公開`、`保護`與`隱私`專案:
Granting users Manage project access (see 特權列表) allows them to assign other users in Public, Protected and Private (but not Custom) projects via adding them to teams.
These are the default teams provided with Weblate; teams can be added or modified by users with sufficient privileges:
- 管理
All available permissions for the project.
- 檢閱
Approve translations in a review.
僅當啟用 review workflow 時才可用。
只限‘受保護’及‘私有’專案:
- 翻譯
Translate the project and upload translations made offline.
- 原文
Edit source strings (if allowed in the project settings) and source-string info.
- 語言
Manage translated languages (add or remove translations).
- 詞彙表
Manage glossary (add, remove, and upload entries).
- 記憶
管理翻譯記憶。
- 螢幕擷圖
Manage screenshots (add, remove, and associate them to source strings).
- 自動翻譯
可以使用自動翻譯。
- VCS
Manage VCS and access the exported repository.
- 帳單
Access billing info and settings (see 帳單).
These features are available on the Access control page in the project’s menu Manage ↓ Users.
提示
You can limit teams to languages or components, and assign them designated access roles (see 特權列表).
團隊管理員¶
在 4.15 版被加入.
每一團隊可以擁有團隊的管理員,他可以新增或移除團隊中的成員。對於想要建立自治的團隊是很有用的。
邀請新使用者¶
新增現有使用者將向他們發送確認邀請。透過 REGISTRATION_OPEN
,管理員還可以使用電子郵件邀請新使用者。受邀的使用者必須完成註冊程序才能存取該專案。
不需要具有任何站點範圍的權限,就可以這麼做,專案級別的存取管理權限 (如,Administration 組成員資格) 就足夠了。
提示
如果受邀的使用者錯過了邀請的有效期,則必須建立新的邀請。
同樣的邀請函數可以從 管理界面 :guilabel:`使用者`標籤。
在 5.0 版的變更: Weblate 現在不會自動建立帳戶或將使用者新增至團隊。這只會在使用者確認後完成。
禁用使用者¶
在 4.7 版被加入.
If users misbehave in your project, you can block them from contributing. With the relevant permissions blocked, users can still see the project, but won’t be able to contribute.
單一專案權限管理¶
You can set your projects to Protected or Private (see 專案存取控制), and manage users access per-project.
預設情況下,這可以防止 Weblate 授權 Users 和 Viewers 提供 default teams 由於這些團隊所擁有的設定。這不會阻止您透過更改預設團隊,為預設團隊建立新的一個專案,或者為以下單個元件建立其他自定義設定,或者如 全站存取控制 所描述。
其中一個透過 Weblate 使用者介面管理權限的主要好處是,您可以將其委派給其他使用者,而不需要給予他們超級使用者權限。為了這樣做,請將他們加入專案的 Administration 團隊。
全站存取控制¶
備註
此功能在託管的 Weblate 上不可用。
The permission system is based on roles defining a set of permissions, and teams linking roles to users and translations, read 使用者,角色,團隊與權限 for more details.
The most powerful features of the Weblate’s access control system can be configured in the 管理介面. You can use it to manage permissions of any project. You don’t necessarily have to switch it to Custom access control to utilize it. However you must have superuser privileges in order to use it.
如果您對實現的詳細資訊不感興趣,並且只想根據預設值建立一個簡單的組態,或者沒有對整個 Weblate 安裝的站點廣泛存取(如 託管的 Weblate),請參閱 管理單一專案的存取控制。
網站範圍內的權限管理¶
要一次管理整個執行個體的權限,請將使用者新增到合適的 default teams:
使用者 (預設完成於經由 automatic team assignment)。
`審稿人員(如果您使用的是:ref:“評論工作流程<評論>”與專用評論者)。
“經理”(如果您想將大多數管理操作委派給其他人)。
您應該使所有專案設定為 公開`(請參見 :ref:`acl),否則網站層級的權限將對 使用者 與 檢閱者 不會有任何影響。
您還可以賦予您所選擇的一些額外權限到預設群組。例如,您可能希望允許管理所有 使用者 的螢幕截圖。
您也可以定義一些新的自定義團隊。如果您想繼續管理這些團隊的網站範圍內的權限,請選擇適當的 Project selection (如 All projects 或 All public projects )。
為語言、元件或專案自訂權限¶
您可以建立自己的專用團隊來管理不同對象(如語言,元件和專案)的權限。您不能透過新增一組自定義的團隊來撤銷任何來自全站設定的權限或某一團隊的權限,即使這些團隊只能授予額外的權限。
示例:
Restricting translation to Czech to a selected set of translators, (while keeping translations to other languages public):
Remove the permission to translate Czech from all users. In the default configuration this can be done by altering the Users default team.
¶ 語言選取
如定義
語言
除 捷克語 以外
為 捷克語 翻譯新增專門組別。
¶ 角色
超級使用者
專案選取
所有公開專案
語言選取
如定義
語言
捷克語
新增團隊中您希望賦予權限的使用者。
Management permissions this way is powerful, but can be quite a tedious job. You can only delegate it to other users by granting them Superuser status.
使用者,角色,團隊與權限¶
身份驗證模型包括幾個對象:
- 許可
Individual permission defined by Weblate. Permissions cannot be assigned to users, only through assignment of roles.
- 角色
A role defines a set of permissions (and can be reused in several places).
- 使用者
A user can belong to several teams.
- 群組
Groups connect roles and users with authentication objects (projects, languages, components, and component lists).
備註
一個團隊可以沒有分配角色,在這種情況下,假設任何人能存取專案(見下文)。
Project-browsing access¶
使用者必須為團隊成員並團隊連結到專案或任何元件的成員。擁有成員身份就足夠了,瀏覽專案不需要特定的權限(這被用於預設的 檢視者 小組,見 default-groups )。
Component-browsing access¶
Granting browsing access to a user in one project gives it access to any component with derived browsing permissions. With 受限制的存取 on, access to components (or component lists) are granted explicitly.
團隊範圍¶
The scope of the permission assigned by the roles in the teams are applied by the following rules:
如果團隊指定任何 Component list,所有在團隊已賦予到成員的權限也將賦權在團隊裡元件列表中的所有元件。若無額外指定的權限在所有的專案,這些元件在 Components 與 Projects 會被忽略。
使用龐大的組件列表可能會對效能產生影響,請考慮透過專案提供存取權限。
如果該團隊指定任何元件,則為將該團隊的成員提供給團隊的所有元件,對於該團隊的所有元件授予所有權限,並且對於這些元件的所有專案授予沒有額外權限的存取權限。專案被忽略。
否則,如果團隊指定了任何 Projects,無論是直接列出它們還是將 Projects selection 設定為類似 All public projects 的值,所有這些權限都套用於所有專案,這實際上授予了存取所有專案的相同權限 unrestricted components。
The restrictions imposed by a team’s Languages are applied separately, when it’s verified if a user has an access to perform certain actions. Namely, it’s applied only to actions directly related to the translation process itself like reviewing, saving translations, adding suggestions, etc.
提示
使用 Language selection 或 Project selection 來自動包括所有語言或專案。
示例:
A project
foo
with the components:foo/bar
andfoo/baz
, with reviewing and management rights, in the following team:
¶ 角色
審核字串, 管理儲存庫
組件
foo/bar
語言
西班牙語
Members of that team will have these permissions (assuming the default role settings):
一般(瀏覽)存取整個專案``foo``,包括它的兩個元件:
foo / bar``和``foo / baz
。審核字串
foo/bar
在西班牙語翻譯中(不在其他地方)。管理整個```foo / bar``jociticory的VCS。送交待定的翻譯人員對所有語言進行的更改。
自動團隊分派¶
While editing the Team, you can specify Automatic assignments, which is a list of regular expressions used to automatically assign newly created users to a team based on their e-mail addresses. This assignment only happens upon account creation.
該功能最常見的用例是將所有新使用者指派給某個預設團隊。此行為用於預設的 Users 和 Guest 團隊(請參閱 團隊列表)。使用常規表達式 ^.*$
來匹配所有使用者。
Another use-case for this option might be to
give some additional privileges to employees of your company by default.
Assuming all of them use corporate e-mail addresses on your domain, this can
be accomplished with an expression like ^.*@mycompany.com
.
備註
從一個 Weblate 版本升級到另一個版本時,總是會重新建立對 Users 和 Viewers 的使用者團隊指派。如果您想關閉它,將常規表達式設定為 ``^$``(不比對任何內容)。
備註
直到現在,無法透過使用者介面向某些團隊批次新增已現有使用者。為此,您可以使用以下方法 REST API 。
預設團隊和角色¶
安裝後,將建立一組預設的團隊(請參閱 團隊列表)。
這些角色和團隊是在安裝時建立的。升級時,內建角色總是透過資料庫遷移以保持最新。你實際上無法變更它們,如果你想定義自己的權限集,請定義一個新角色。
特權列表¶
範圍 |
權限 |
內建角色 |
---|---|---|
帳單(參閱 帳單) |
檢視帳單資訊 |
Administration, Billing |
更動 |
下載更動處 |
Administration |
評註 |
張貼評註 |
Administration, Edit source, Power user, Review strings, Translate |
刪除評註 |
Administration |
|
解決評註 |
Administration, Review strings |
|
組件 |
編輯組件設定 |
Administration |
鎖定組件,防止翻譯 |
Administration, Manage repository |
|
詞彙表 |
增加詞彙表條目 |
Administration, Manage glossary, Power user |
增加詞彙表專有名詞 |
Administration, Manage glossary, Power user |
|
編輯詞彙表條目 |
Administration, Manage glossary, Power user |
|
刪除詞彙表條目 |
Administration, Manage glossary, Power user |
|
上傳詞彙表條目 |
Administration, Manage glossary, Power user |
|
自動建議 |
使用自動建議 |
Administration, Edit source, Power user, Review strings, Translate |
翻譯記憶 |
編輯翻譯記憶 |
Administration, Manage translation memory |
刪除翻譯記憶 |
Administration, Manage translation memory |
|
專案 |
編輯專案設定 |
Administration |
管理專案存取權 |
Administration |
|
回報 |
下載報表 |
Administration |
螢幕擷圖 |
加入畫面快照 |
Administration, Manage screenshots |
編輯畫面快照 |
Administration, Manage screenshots |
|
刪除畫面快照 |
Administration, Manage screenshots |
|
來源字串 |
編輯額外字串資訊 |
Administration, Edit source |
字串 |
新增新字串 |
Administration |
移除字串 |
Administration |
|
略過未通過查核 |
Administration, Edit source, Power user, Review strings, Translate |
|
編輯字串 |
Administration, Edit source, Power user, Review strings, Translate |
|
檢閱字串 |
Administration, Review strings |
|
當施行建議時編輯字串 |
Administration, Review strings |
|
編輯來源字串 |
Administration, Edit source, Power user |
|
建議 |
接受建議 |
Administration, Edit source, Power user, Review strings, Translate |
新增建議 |
Administration, Edit source, Add suggestion, Power user, Review strings, Translate |
|
刪除建議 |
Administration, Power user |
|
建議的投票 |
Administration, Edit source, Power user, Review strings, Translate |
|
翻譯 |
加入新語言的翻譯 |
Administration, Power user, Manage languages |
執行自動翻譯 |
Administration, Automatic translation |
|
刪除既有的翻譯 |
Administration, Manage languages |
|
下載翻譯檔案 |
Administration, Edit source, Access repository, Power user, Review strings, Translate, Manage languages |
|
加入多種新語言的翻譯 |
Administration, Manage languages |
|
上傳 |
定義上傳翻譯的作者 |
Administration |
以上傳內容覆蓋現在的翻譯 |
Administration, Edit source, Power user, Review strings, Translate |
|
上傳翻譯 |
Administration, Edit source, Power user, Review strings, Translate |
|
VCS |
存取內部儲存庫 |
Administration, Access repository, Power user, Manage repository |
將變更送交到內部儲存庫 |
Administration, Manage repository |
|
從內部儲存庫推送變更 |
Administration, Manage repository |
|
重設內部儲存庫中的變更 |
Administration, Manage repository |
|
檢視上游儲存庫的位置 |
Administration, Access repository, Power user, Manage repository |
|
更新內部儲存庫 |
Administration, Manage repository |
|
全網站範圍的特權 |
使用管理介面 |
|
加入新的專案 |
Add new projects |
|
加入語言定義 |
||
管理語言定義 |
||
管理團隊 |
||
管理使用者 |
||
管理角色 |
||
管理公告 |
||
管理翻譯記憶 |
||
管理機器翻譯 |
||
管理組件列表 |
||
管理付款 |
||
管理網站端的附加元件 |
備註
Site-wide privileges are not granted to any default role. These are powerful and quite close to the Superuser status. Most of them affect all projects in your Weblate installation.
內建角色列表¶
- Administration
View billing info, Download changes, Post comment, Delete comment, Resolve comment, Edit component settings, Lock component, preventing translations, Add glossary entry, Delete glossary entry, Edit glossary entry, Add glossary terminology, Upload glossary entries, Use automatic suggestions, Delete translation memory, Edit translation memory, Edit project settings, Manage project access, Download reports, Add screenshot, Delete screenshot, Edit screenshot, Edit additional string info, Accept suggestion, Add suggestion, Delete suggestion, Vote on suggestion, Add language for translation, Add several languages for translation, Perform automatic translation, Delete existing translation, Download translation file, Add new string, Dismiss failing check, Remove a string, Edit strings, Edit string when suggestions are enforced, Review strings, Edit source strings, Define author of uploaded translation, Overwrite existing strings with upload, Upload translations, Access the internal repository, Commit changes to the internal repository, Push change from the internal repository, Reset changes in the internal repository, Update the internal repository, View upstream repository location
- 編輯來源
Post comment, Use automatic suggestions, Edit additional string info, Accept suggestion, Add suggestion, Vote on suggestion, Download translation file, Dismiss failing check, Edit strings, Edit source strings, Overwrite existing strings with upload, Upload translations
- Add suggestion
Add suggestion
- Access repository
Download translation file, Access the internal repository, View upstream repository location
- Manage glossary
Add glossary entry, Delete glossary entry, Edit glossary entry, Add glossary terminology, Upload glossary entries
- Power user
Post comment, Add glossary entry, Delete glossary entry, Edit glossary entry, Upload glossary entries, Use automatic suggestions, Accept suggestion, Add suggestion, Delete suggestion, Vote on suggestion, Add language for translation, Download translation file, Dismiss failing check, Edit strings, Edit source strings, Overwrite existing strings with upload, Upload translations, Access the internal repository, View upstream repository location
- Review strings
Post comment, Resolve comment, Use automatic suggestions, Accept suggestion, Add suggestion, Vote on suggestion, Download translation file, Dismiss failing check, Edit strings, Edit string when suggestions are enforced, Review strings, Overwrite existing strings with upload, Upload translations
- Translate
Post comment, Use automatic suggestions, Accept suggestion, Add suggestion, Vote on suggestion, Download translation file, Dismiss failing check, Edit strings, Overwrite existing strings with upload, Upload translations
- Manage languages
Add language for translation, Add several languages for translation, Delete existing translation, Download translation file
- Automatic translation
Perform automatic translation
- Manage translation memory
Delete translation memory, Edit translation memory
- Manage screenshots
Add screenshot, Delete screenshot, Edit screenshot
- Manage repository
Lock component, preventing translations, Access the internal repository, Commit changes to the internal repository, Push change from the internal repository, Reset changes in the internal repository, Update the internal repository, View upstream repository location
- Billing
View billing info
- Add new projects
Add new projects
團隊列表¶
The following teams are created upon installation (or after executing
setupgroups
) and you are free to modify them. The migration will,
however, re-create them if you delete or rename them.
- 訪客
定義未經身份驗證的使用者權限。
這個團隊只包括匿名使用者(請參見
ANONYMOUS_USER_NAME
)。Remove roles from this team to limit permissions for non-authenticated users.
預設角色: Add suggestion, Access repository
- 審查員
This role ensures the visibility of public projects to all users. By default, all users are members of this team.
By default, automatic team assignment makes all new accounts members of this team when they join.
預設角色:無
- 使用者
Default team for all users.
By default, automatic team assignment makes all new accounts members of this team when they join.
預設角色: Power user
- 審核員
審核員專用的群組(參閱 翻譯工作流 )。
預設角色:審核字串
- 管理員
管理員專用群組。
預設角色: 管理權限
- Project creators
在 5.1 版被加入.
Users who can create new projects.
Default roles: Add new projects
警告
Never remove the predefined Weblate teams and users, as that can lead to unexpected problems! If you have no use for them, simply remove all their privileges instead.
Additional access restrictions¶
If you want to use your Weblate installation in a less public manner, i.e. allow
new users on an invitational basis only, it can be done by configuring Weblate
in such a way that only known users have an access to it. In order to do so, you can set
REGISTRATION_OPEN
to False
to prevent registrations of any new
users, and set REQUIRE_LOGIN
to /.*
to require signing in to access
all the site pages. This is basically the way to lock your Weblate installation.
提示
您可以使用內建的 :ref:`invite-user`新增使用者。