存取控制

Weblate 具有一個精細的權利系統,可以為整個實例或在有限範圍內分配使用者權限。

在 3.0 版本變更: 在 Weblate 3.0之前的權利系統是基於Django 的,但現在是專門為Weblate構建的。如果你使用的是舊版本,請查閱該版本的文件,此處的資訊將不適用。

簡單的訪問控制

如果你不是管理整個Weblate安裝,而只是有權限管理某些項目(比如在`託管Weblate <https://hosted.weblate.org/>`_),你的存取控制管理選項僅限於以下設定。如果你不需要任何複雜的設定,這些就足夠了。

專案存取控制

備註

This feature is unavailable for projects running the Libre plan on Hosted Weblate.

您可以透過選擇不同的:guilabel:`存取控制`設定來限制使用者對單個項目的存取。可用的選項有:

公開

公開可見,但只有已經登入的使用者可以翻譯。

受保護

公開可見,但僅對選定使用者可翻譯。

私人

僅選定使用者可以瀏覽和翻譯。

自訂

:ref:`使用者管理<manage-acl>`功能將被停用;預設情況下,所有使用者都被禁止在專案上進行任何操作。你必須使用:ref:`custom-acl`設定所有的權限。

可以在每個項目的配置(:guilabel:`Manage↓:guilabel:`Settings)的:guilabel:`Access`選項卡中更改Access控制。

../_images/project-access.png

可以透過 DEFAULT_ACCESS_CONTROL 修改預設值。

備註

即使對於 “私有” 項目,也會公開有關項目的一些信息: 儘管具有訪問控制設置,所有項目的計數都會包含在整個實例的統計信息和語言摘要裡面。你的項目名稱和其他信息不會暴露。

備註

項目中默認提供“公開”,”受保護”,及“私有”的用戶權限組合, Weblate的實例管理員也可以使用:ref:`custom settings <custom-acl>`進行個性化定制.

也參考

存取控制

Managing per-project access control

Users with the Manage project access privilege (see List of privileges and built-in roles) can manage users in projects via adding them to the teams. The initial collection of teams is provided by Weblate, but additional ones can be defined providing more fine-grained access control. You can limit teams to languages and assign them designated access roles (see List of privileges and built-in roles).

The following teams are automatically created for every project:

關於‘公開’,‘受保護’,及‘私有’項目:

管理

Includes all permissions available for the project.

複查 (僅限 :ref:`review workflow <reviews>`設置為打開)

可以在復查時批准翻譯。

只限‘受保護’及‘私有’項目:

翻譯

可以翻譯項目,並將離線的翻譯上傳。

原文

可以編輯源字符串 (如果在 project settings 中允許的話 )及源字符串信息。

語言

Can manage translated languages (add or remove translations).

詞彙表

Can manage glossary (add or remove entries, also upload).

記憶

Can manage translation memory.

畫面快照

Can manage screenshots (add or remove them, and associate them to source strings).

自動翻譯

Can use automatic translation.

VCS

可以管理版本控制系統(VCS)並訪問導出的倉庫。

帳單

可以訪問賬單信息和設置(請參見 帳單 )。

../_images/manage-users.png

這些功能可在 Access control 頁面上找到,頁面訪問路徑為項目 menu ManageUsers

Team administrators

在 4.15 版本新加入.

Each team can have team administrator, who can add and remove users within the team. This is useful in case you want to build self-governed teams.

New user invitation

Also, besides adding an existing user to the project, it is possible to invite new ones. Any new user will be created immediately, but the account will remain inactive until signing in with a link in the invitation sent via an e-mail. It is not required to have any site-wide privileges in order to do so, access management permission on the project’s scope (e.g. a membership in the Administration team) would be sufficient.

提示

如果被邀請的用戶錯過了邀請的有效性,則可以在密碼重置表單中使用被邀請的電子郵件地址設置密碼,因為已經創建了帳戶。

在 3.11 版本新加入: 重新發送用戶邀請電子郵件是有可能的 (使任何之前發送的邀請無效)。

同樣的邀請函數可以從 管理界面 :guilabel:`用戶`標籤。

Blocking users

在 4.7 版本新加入.

In case some users behave badly in your project, you have an option to block them from contributing. The blocked user still will be able to see the project if he has permissions for that, but he won’t be able to contribute.

Per-project permission management

You can set your projects to Protected or Private, and manage users per-project in the Weblate user interface.

By default this prevents Weblate from granting access provided by Users and Viewers default teams due to these teams’ own configuration. This doesn’t prevent you from granting permissions to those projects site-wide by altering default teams, creating a new one, or creating additional custom settings for individual component as described in Custom access control below.

One of the main benefits of managing permissions through the Weblate user interface is that you can delegate it to other users without giving them the superuser privilege. In order to do so, add them to the Administration team of the project.

Custom access control

備註

This feature is unavailable for projects running the Libre plan on Hosted Weblate.

The permission system is based on teams and roles, where roles define a set of permissions, and teams link them to users and translations, see Users, roles, teams, and permissions for more details.

Weberate’s Access Control系統的最強大功能僅通過以下方式提供:REF:Django管理員界面<admin-interface>。您可以使用它來管理任何項目的權限。您不一定必須將其切換到“自定義”:REF:“訪問控制<ACL>”使用它。但是,您必須具有超級用戶權限才能使用它。

如果您對實現的詳細信息不感興趣,並且只想根據默認值創建一個簡單的配置,或者沒有對整個WebBlate安裝的站點廣泛訪問(如“託管的WebLate <https:// hosted.weblate.org/>`_),請參閱:REF:“訪問 - 簡單”部分。

常見設定

此部分包含了一些您可能感興趣的常用配置選項的概覽。

Site-wide permission management

To manage permissions for a whole instance at once, add users to appropriate default teams:

  • Users (this is done by default by the automatic team assignment).

  • `審稿人員(如果您使用的是:REF:“評論工作流程<評論>”與專用評論者)。

  • “經理”(如果您想將大多數管理操作委派給其他人)。

You should keep all projects configured as Public (see 專案存取控制), otherwise the site-wide permissions provided by membership in the Users and Reviewers teams won’t have any effect.

You may also grant some additional permissions of your choice to the default teams. For example, you may want to give a permission to manage screenshots to all the Users.

You can define some new custom teams as well. If you want to keep managing your permissions site-wide for these teams, choose an appropriate value for the Project selection (e.g. All projects or All public projects).

Custom permissions for languages, components or projects

You can create your own dedicated teams to manage permissions for distinct objects such as languages, components, and projects. Although these teams can only grant additional privileges, you can’t revoke any permission granted by site-wide or per-project teams by adding another custom team.

示例:

如果您想要(無論出於何種原因)允許翻譯到特定語言(讓我們說“捷克語”)僅在一組封閉式的可靠翻譯器,同時保持翻譯到其他語言公眾,您將不得不:

  1. Remove the permission to translate Czech from all the users. In the default configuration this can be done by altering the Users default team.

    Group Users

    語言選取

    As defined

    語言

    All but Czech

  1. Add a dedicated team for Czech translators.

    Group Czech translators

    角色

    Power users

    專案選取

    All public projects

    語言選取

    As defined

    語言

    Czech

  1. Add users you wish to give the permissions to into this team.

正如您所看到的,這種方式的權限管理是強大的,但可能是相當繁瑣的工作。除非授予超級用戶權限,否則您無法將其委派給另一個用戶。

Users, roles, teams, and permissions

身份驗證模型包括幾個對象:

許可

Weblate 定義的個人權限。權限不能分配給用戶。這只能通過分配角色來完成。

Role

角色定義為一組權限。這允許在幾個地方重複使用這些組,使管理更容易。

使用者

User can belong to several teams.

群組

用戶組連接角色、用戶和身份驗證對象(項目、語言和組件列表)。

graph auth { "User" -- "Group"; "Group" -- "Role"; "Role" -- "Permission"; "Group" -- "Project"; "Group" -- "Language"; "Group" -- "Components"; "Group" -- "Component list"; }

備註

A team can have no roles assigned to it, in that case access to browse the project by anyone is assumed (see below).

Access for browse to a project

A user has to be a member of a team linked to the project, or any component inside that project. Having membership is enough, no specific permissions are needed to browse the project (this is used in the default Viewers team, see List of teams).

Access for browse to a component

用戶一旦能夠訪問組件的項目,就可以不受限制地訪問組件。 (並將擁有該項目授予用戶的所有權限)。在開啟 受限制的訪問 的情況下,訪問組件需要對該組件(或該組件所在的組件列表)具有顯式權限。

Scope of teams

The scope of the permission assigned by the roles in the teams are applied by the following rules:

  • If the team specifies any Component list, all the permissions given to members of that team are granted for all the components in the component lists attached to the team, and an access with no additional permissions is granted for all the projects these components are in. Components and Projects are ignored.

  • If the team specifies any Components, all the permissions given to the members of that team are granted for all the components attached to the team, and an access with no additional permissions is granted for all the projects these components are in. Projects are ignored.

  • Otherwise, if the team specifies any Projects, either by directly listing them or by having Projects selection set to a value like All public projects, all those permissions are applied to all the projects, which effectively grants the same permissions to access all projects unrestricted components.

  • The restrictions imposed by a team’s Languages are applied separately, when it’s verified if a user has an access to perform certain actions. Namely, it’s applied only to actions directly related to the translation process itself like reviewing, saving translations, adding suggestions, etc.

提示

使用 Language selectionProject selection 來自動包括所有語言或項目。

示例:

Let’s say there is a project foo with the components: foo/bar and foo/baz and the following team:

Group Spanish Admin-Reviewers

角色

Review Strings, Manage repository

組件

foo/bar

語言

Spanish

Members of that team will have following permissions (assuming the default role settings):

  • 一般(瀏覽)訪問整個項目``foo``,包括它的兩個組件:foo / bar``和``foo / baz

  • 審查’foo /酒吧』』s西班牙語翻譯(不是其他地方)的字符串。

  • 管理整個```foo / bar``jociticory的VCS。提交待定的翻譯人員對所有語言進行的更改。

Automatic team assignments

On the bottom of the Group editing page in the Django admin interface, you can specify Automatic team assignments, which is a list of regular expressions used to automatically assign newly created users to a team based on their e-mail addresses. This assignment only happens upon account creation.

The most common use-case for the feature is to assign all new users to some default team. In order to do so, you will probably want to keep the default value (^.*$) in the regular expression field. Another use-case for this option might be to give some additional privileges to employees of your company by default. Assuming all of them use corporate e-mail addresses on your domain, this can be accomplished with an expression like ^.*@mycompany.com.

備註

Automatic team assignment to Users and Viewers is always recreated when upgrading from one Weblate version to another. If you want to turn it off, set the regular expression to ^$ (which won’t match anything).

備註

As for now, there is no way to bulk-add already existing users to some team via the user interface. For that, you may resort to using the REST API.

Default teams and roles

After installation, a default set of teams is created (see List of teams).

These roles and teams are created upon installation. The built-in roles are always kept up to date by the database migration when upgrading. You can’t actually change them, please define a new role if you want to define your own set of permissions.

List of privileges and built-in roles

範圍

權限

角色

Billing (see 帳單)

檢視帳單資訊

Administration, Billing

更動

下載更動處

Administration

評註

張貼評註

Administration, Edit source, Power user, Review strings, Translate

刪除評註

Administration

解決評註

Administration, Review strings

組件

編輯組件設定

Administration

鎖定組件,防止翻譯

Administration

詞彙表

增加詞彙表條目

Administration, Manage glossary, Power user

編輯詞彙表條目

Administration, Manage glossary, Power user

刪除詞彙表條目

Administration, Manage glossary, Power user

上傳詞彙表條目

Administration, Manage glossary, Power user

自動建議

使用自動建議

Administration, Edit source, Power user, Review strings, Translate

翻譯記憶

編輯翻譯記憶

Administration, Manage translation memory

刪除翻譯記憶

Administration, Manage translation memory

專案

編輯專案設定

Administration

管理專案存取權

Administration

回報

下載報表

Administration

畫面快照

加入畫面快照

Administration, Manage screenshots

編輯畫面快照

Administration, Manage screenshots

刪除畫面快照

Administration, Manage screenshots

來源字串

編輯額外字串資訊

Administration, Edit source

字串

新增新字串

Administration

移除字串

Administration

略過未通過查核

Administration, Edit source, Power user, Review strings, Translate

編輯字串

Administration, Edit source, Power user, Review strings, Translate

檢閱字串

Administration, Review strings

當施行建議時編輯字串

Administration, Review strings

編輯來源字串

Administration, Edit source, Power user

建議

接受建議

Administration, Edit source, Power user, Review strings, Translate

新增建議

Administration, Edit source, Add suggestion, Power user, Review strings, Translate

刪除建議

Administration, Power user

建議的投票

Administration, Edit source, Power user, Review strings, Translate

翻譯

加入新語言的翻譯

Administration, Power user, Manage languages

執行自動翻譯

Administration, Automatic translation

刪除既有的翻譯

Administration, Manage languages

下載翻譯檔案

Administration, Edit source, Access repository, Power user, Review strings, Translate, Manage languages

加入多種新語言的翻譯

Administration, Manage languages

上傳

定義上傳翻譯的作者

Administration

以上傳內容覆蓋現在的翻譯

Administration, Edit source, Power user, Review strings, Translate

上傳翻譯

Administration, Edit source, Power user, Review strings, Translate

VCS

存取內部儲存庫

Administration, Access repository, Power user, Manage repository

將更動提交到內部儲存庫

Administration, Manage repository

從內部儲存庫推入更動

Administration, Manage repository

重設內部儲存庫中的更動

Administration, Manage repository

檢視上游儲存庫的位置

Administration, Access repository, Power user, Manage repository

更新內部儲存庫

Administration, Manage repository

全網站範圍的特權

使用管理介面

加入新的專案

加入語言定義

管理語言定義

Manage teams

管理使用者

管理角色

管理公告

管理翻譯記憶

管理機器翻譯

管理組件列表

備註

站點範圍的特權不會被授予任何默認角色。它們功能強大,非常接近超級用戶的地位。它們中的大多數都會影響到你的 Weblate 安裝中的所有項目。

List of teams

The following teams are created upon installation (or after executing setupgroups) and you are free to modify them. The migration will, however, re-create them if you delete or rename them.

訪客

Defines permissions for non-authenticated users.

This team only contains anonymous users (see ANONYMOUS_USER_NAME).

You can remove roles from this team to limit permissions for non-authenticated users.

默認角色: Add suggestion, Access repository

Viewers

This role ensures visibility of public projects for all users. By default, all users are members of this team.

By default, automatic team assignment makes all new accounts members of this team when they join.

Default roles: none

使用者

Default team for all users.

By default, automatic team assignment makes all new accounts members of this team when they join.

默認角色: Power user

校對

复核員的群組(參見 翻譯工作流 )。

默認角色: Review strings

管理員

Group for administrators.

Default roles: Administration

警告

Never remove the predefined Weblate teams and users as this can lead to unexpected problems! If you have no use for them, you can removing all their privileges instead.

Additional access restrictions

If you want to use your Weblate installation in a less public manner, i.e. allow new users on an invitational basis only, it can be done by configuring Weblate in such a way that only known users have an access to it. In order to do so, you can set REGISTRATION_OPEN to False to prevent registrations of any new users, and set REQUIRE_LOGIN to /.* to require signing in to access all the site pages. This is basically the way to lock your Weblate installation.

提示

You can use built-in New user invitation to add new users.