存取控制
Weblate 具有一個精細的權利系統,可以為整個實例或在有限範圍內分配使用者權限。
在 3.0 版本變更: 在 Weblate 3.0之前的權利系統是基於Django 的,但現在是專門為Weblate構建的。如果你使用的是舊版本,請查閱該版本的文件,此處的資訊將不適用。
簡單的訪問控制
如果你不是管理整個Weblate安裝,而只是有權限管理某些項目(比如在`託管Weblate <https://hosted.weblate.org/>`_),你的存取控制管理選項僅限於以下設定。如果你不需要任何複雜的設定,這些就足夠了。
專案存取控制
備註
This feature is unavailable for projects running the Libre plan on Hosted Weblate.
您可以透過選擇不同的:guilabel:`存取控制`設定來限制使用者對單個項目的存取。可用的選項有:
- 公開
公開可見,但只有已經登入的使用者可以翻譯。
- 受保護
公開可見,但僅對選定使用者可翻譯。
- 私人
僅選定使用者可以瀏覽和翻譯。
- 自訂
:ref:`使用者管理<manage-acl>`功能將被停用;預設情況下,所有使用者都被禁止在專案上進行任何操作。你必須使用:ref:`custom-acl`設定所有的權限。
可以在每個項目的配置(:guilabel:`Manage↓:guilabel:`Settings)的:guilabel:`Access`選項卡中更改Access控制。
可以透過 DEFAULT_ACCESS_CONTROL
修改預設值。
備註
即使對於 “私有” 項目,也會公開有關項目的一些信息: 儘管具有訪問控制設置,所有項目的計數都會包含在整個實例的統計信息和語言摘要裡面。你的項目名稱和其他信息不會暴露。
備註
項目中默認提供“公開”,”受保護”,及“私有”的用戶權限組合, Weblate的實例管理員也可以使用:ref:`custom settings <custom-acl>`進行個性化定制.
也參考
Managing per-project access control
Users with the Manage project access privilege (see List of privileges and built-in roles) can manage users in projects via adding them to the teams. The initial collection of teams is provided by Weblate, but additional ones can be defined providing more fine-grained access control. You can limit teams to languages and assign them designated access roles (see List of privileges and built-in roles).
The following teams are automatically created for every project:
關於‘公開’,‘受保護’,及‘私有’項目:
- 管理
Includes all permissions available for the project.
- 複查 (僅限 :ref:`review workflow <reviews>`設置為打開)
可以在復查時批准翻譯。
只限‘受保護’及‘私有’項目:
- 翻譯
可以翻譯項目,並將離線的翻譯上傳。
- 原文
可以編輯源字符串 (如果在 project settings 中允許的話 )及源字符串信息。
- 語言
Can manage translated languages (add or remove translations).
- 詞彙表
Can manage glossary (add or remove entries, also upload).
- 記憶
Can manage translation memory.
- 畫面快照
Can manage screenshots (add or remove them, and associate them to source strings).
- 自動翻譯
Can use automatic translation.
- VCS
可以管理版本控制系統(VCS)並訪問導出的倉庫。
- 帳單
可以訪問賬單信息和設置(請參見 帳單 )。
這些功能可在 Access control 頁面上找到,頁面訪問路徑為項目 menu Manage ↓ Users。
Team administrators
在 4.15 版本新加入.
Each team can have team administrator, who can add and remove users within the team. This is useful in case you want to build self-governed teams.
New user invitation
Also, besides adding an existing user to the project, it is possible to invite new ones. Any new user will be created immediately, but the account will remain inactive until signing in with a link in the invitation sent via an e-mail. It is not required to have any site-wide privileges in order to do so, access management permission on the project’s scope (e.g. a membership in the Administration team) would be sufficient.
提示
如果被邀請的用戶錯過了邀請的有效性,則可以在密碼重置表單中使用被邀請的電子郵件地址設置密碼,因為已經創建了帳戶。
在 3.11 版本新加入: 重新發送用戶邀請電子郵件是有可能的 (使任何之前發送的邀請無效)。
Blocking users
在 4.7 版本新加入.
In case some users behave badly in your project, you have an option to block them from contributing. The blocked user still will be able to see the project if he has permissions for that, but he won’t be able to contribute.
Per-project permission management
You can set your projects to Protected or Private, and manage users per-project in the Weblate user interface.
By default this prevents Weblate from granting access provided by Users and Viewers default teams due to these teams’ own configuration. This doesn’t prevent you from granting permissions to those projects site-wide by altering default teams, creating a new one, or creating additional custom settings for individual component as described in Custom access control below.
One of the main benefits of managing permissions through the Weblate user interface is that you can delegate it to other users without giving them the superuser privilege. In order to do so, add them to the Administration team of the project.
Custom access control
備註
This feature is unavailable for projects running the Libre plan on Hosted Weblate.
The permission system is based on teams and roles, where roles define a set of permissions, and teams link them to users and translations, see Users, roles, teams, and permissions for more details.
Weberate’s Access Control系統的最強大功能僅通過以下方式提供:REF:Django管理員界面<admin-interface>。您可以使用它來管理任何項目的權限。您不一定必須將其切換到“自定義”:REF:“訪問控制<ACL>”使用它。但是,您必須具有超級用戶權限才能使用它。
如果您對實現的詳細信息不感興趣,並且只想根據默認值創建一個簡單的配置,或者沒有對整個WebBlate安裝的站點廣泛訪問(如“託管的WebLate <https:// hosted.weblate.org/>`_),請參閱:REF:“訪問 - 簡單”部分。
常見設定
此部分包含了一些您可能感興趣的常用配置選項的概覽。
Site-wide permission management
To manage permissions for a whole instance at once, add users to appropriate default teams:
Users (this is done by default by the automatic team assignment).
`審稿人員(如果您使用的是:REF:“評論工作流程<評論>”與專用評論者)。
“經理”(如果您想將大多數管理操作委派給其他人)。
You should keep all projects configured as Public (see 專案存取控制), otherwise the site-wide permissions provided by membership in the Users and Reviewers teams won’t have any effect.
You may also grant some additional permissions of your choice to the default teams. For example, you may want to give a permission to manage screenshots to all the Users.
You can define some new custom teams as well. If you want to keep managing your permissions site-wide for these teams, choose an appropriate value for the Project selection (e.g. All projects or All public projects).
Custom permissions for languages, components or projects
You can create your own dedicated teams to manage permissions for distinct objects such as languages, components, and projects. Although these teams can only grant additional privileges, you can’t revoke any permission granted by site-wide or per-project teams by adding another custom team.
示例:
如果您想要(無論出於何種原因)允許翻譯到特定語言(讓我們說“捷克語”)僅在一組封閉式的可靠翻譯器,同時保持翻譯到其他語言公眾,您將不得不:
Remove the permission to translate Czech from all the users. In the default configuration this can be done by altering the Users default team.
語言選取
As defined
語言
All but Czech
Add a dedicated team for Czech translators.
角色
Power users
專案選取
All public projects
語言選取
As defined
語言
Czech
Add users you wish to give the permissions to into this team.
正如您所看到的,這種方式的權限管理是強大的,但可能是相當繁瑣的工作。除非授予超級用戶權限,否則您無法將其委派給另一個用戶。
Users, roles, teams, and permissions
身份驗證模型包括幾個對象:
- 許可
Weblate 定義的個人權限。權限不能分配給用戶。這只能通過分配角色來完成。
- Role
角色定義為一組權限。這允許在幾個地方重複使用這些組,使管理更容易。
- 使用者
User can belong to several teams.
- 群組
用戶組連接角色、用戶和身份驗證對象(項目、語言和組件列表)。
備註
A team can have no roles assigned to it, in that case access to browse the project by anyone is assumed (see below).
Access for browse to a project
A user has to be a member of a team linked to the project, or any component inside that project. Having membership is enough, no specific permissions are needed to browse the project (this is used in the default Viewers team, see List of teams).
Access for browse to a component
用戶一旦能夠訪問組件的項目,就可以不受限制地訪問組件。 (並將擁有該項目授予用戶的所有權限)。在開啟 受限制的訪問 的情況下,訪問組件需要對該組件(或該組件所在的組件列表)具有顯式權限。
Scope of teams
The scope of the permission assigned by the roles in the teams are applied by the following rules:
If the team specifies any Component list, all the permissions given to members of that team are granted for all the components in the component lists attached to the team, and an access with no additional permissions is granted for all the projects these components are in. Components and Projects are ignored.
If the team specifies any Components, all the permissions given to the members of that team are granted for all the components attached to the team, and an access with no additional permissions is granted for all the projects these components are in. Projects are ignored.
Otherwise, if the team specifies any Projects, either by directly listing them or by having Projects selection set to a value like All public projects, all those permissions are applied to all the projects, which effectively grants the same permissions to access all projects unrestricted components.
The restrictions imposed by a team’s Languages are applied separately, when it’s verified if a user has an access to perform certain actions. Namely, it’s applied only to actions directly related to the translation process itself like reviewing, saving translations, adding suggestions, etc.
提示
使用 Language selection 或 Project selection 來自動包括所有語言或項目。
示例:
Let’s say there is a project
foo
with the components:foo/bar
andfoo/baz
and the following team:
角色
Review Strings, Manage repository
組件
foo/bar
語言
Spanish
Members of that team will have following permissions (assuming the default role settings):
一般(瀏覽)訪問整個項目``foo``,包括它的兩個組件:
foo / bar``和``foo / baz
。審查’foo /酒吧』』s西班牙語翻譯(不是其他地方)的字符串。
管理整個```foo / bar``jociticory的VCS。提交待定的翻譯人員對所有語言進行的更改。
Automatic team assignments
On the bottom of the Group editing page in the Django admin interface, you can specify Automatic team assignments, which is a list of regular expressions used to automatically assign newly created users to a team based on their e-mail addresses. This assignment only happens upon account creation.
The most common use-case for the feature is to assign all new users to some
default team. In order to do so, you will probably want to keep the default
value (^.*$
) in the regular expression field. Another use-case for this option might be to
give some additional privileges to employees of your company by default.
Assuming all of them use corporate e-mail addresses on your domain, this can
be accomplished with an expression like ^.*@mycompany.com
.
備註
Automatic team assignment to Users and Viewers is always recreated
when upgrading from one Weblate version to another. If you want to turn it off, set the regular expression to
^$
(which won’t match anything).
備註
As for now, there is no way to bulk-add already existing users to some team via the user interface. For that, you may resort to using the REST API.
Default teams and roles
After installation, a default set of teams is created (see List of teams).
These roles and teams are created upon installation. The built-in roles are always kept up to date by the database migration when upgrading. You can’t actually change them, please define a new role if you want to define your own set of permissions.
List of privileges and built-in roles
範圍 |
權限 |
角色 |
---|---|---|
Billing (see 帳單) |
檢視帳單資訊 |
Administration, Billing |
更動 |
下載更動處 |
Administration |
評註 |
張貼評註 |
Administration, Edit source, Power user, Review strings, Translate |
刪除評註 |
Administration |
|
解決評註 |
Administration, Review strings |
|
組件 |
編輯組件設定 |
Administration |
鎖定組件,防止翻譯 |
Administration |
|
詞彙表 |
增加詞彙表條目 |
Administration, Manage glossary, Power user |
編輯詞彙表條目 |
Administration, Manage glossary, Power user |
|
刪除詞彙表條目 |
Administration, Manage glossary, Power user |
|
上傳詞彙表條目 |
Administration, Manage glossary, Power user |
|
自動建議 |
使用自動建議 |
Administration, Edit source, Power user, Review strings, Translate |
翻譯記憶 |
編輯翻譯記憶 |
Administration, Manage translation memory |
刪除翻譯記憶 |
Administration, Manage translation memory |
|
專案 |
編輯專案設定 |
Administration |
管理專案存取權 |
Administration |
|
回報 |
下載報表 |
Administration |
畫面快照 |
加入畫面快照 |
Administration, Manage screenshots |
編輯畫面快照 |
Administration, Manage screenshots |
|
刪除畫面快照 |
Administration, Manage screenshots |
|
來源字串 |
編輯額外字串資訊 |
Administration, Edit source |
字串 |
新增新字串 |
Administration |
移除字串 |
Administration |
|
略過未通過查核 |
Administration, Edit source, Power user, Review strings, Translate |
|
編輯字串 |
Administration, Edit source, Power user, Review strings, Translate |
|
檢閱字串 |
Administration, Review strings |
|
當施行建議時編輯字串 |
Administration, Review strings |
|
編輯來源字串 |
Administration, Edit source, Power user |
|
建議 |
接受建議 |
Administration, Edit source, Power user, Review strings, Translate |
新增建議 |
Administration, Edit source, Add suggestion, Power user, Review strings, Translate |
|
刪除建議 |
Administration, Power user |
|
建議的投票 |
Administration, Edit source, Power user, Review strings, Translate |
|
翻譯 |
加入新語言的翻譯 |
Administration, Power user, Manage languages |
執行自動翻譯 |
Administration, Automatic translation |
|
刪除既有的翻譯 |
Administration, Manage languages |
|
下載翻譯檔案 |
Administration, Edit source, Access repository, Power user, Review strings, Translate, Manage languages |
|
加入多種新語言的翻譯 |
Administration, Manage languages |
|
上傳 |
定義上傳翻譯的作者 |
Administration |
以上傳內容覆蓋現在的翻譯 |
Administration, Edit source, Power user, Review strings, Translate |
|
上傳翻譯 |
Administration, Edit source, Power user, Review strings, Translate |
|
VCS |
存取內部儲存庫 |
Administration, Access repository, Power user, Manage repository |
將更動提交到內部儲存庫 |
Administration, Manage repository |
|
從內部儲存庫推入更動 |
Administration, Manage repository |
|
重設內部儲存庫中的更動 |
Administration, Manage repository |
|
檢視上游儲存庫的位置 |
Administration, Access repository, Power user, Manage repository |
|
更新內部儲存庫 |
Administration, Manage repository |
|
全網站範圍的特權 |
使用管理介面 |
|
加入新的專案 |
||
加入語言定義 |
||
管理語言定義 |
||
Manage teams |
||
管理使用者 |
||
管理角色 |
||
管理公告 |
||
管理翻譯記憶 |
||
管理機器翻譯 |
||
管理組件列表 |
備註
站點範圍的特權不會被授予任何默認角色。它們功能強大,非常接近超級用戶的地位。它們中的大多數都會影響到你的 Weblate 安裝中的所有項目。
List of teams
The following teams are created upon installation (or after executing
setupgroups
) and you are free to modify them. The migration will,
however, re-create them if you delete or rename them.
- 訪客
Defines permissions for non-authenticated users.
This team only contains anonymous users (see
ANONYMOUS_USER_NAME
).You can remove roles from this team to limit permissions for non-authenticated users.
默認角色: Add suggestion, Access repository
- Viewers
This role ensures visibility of public projects for all users. By default, all users are members of this team.
By default, automatic team assignment makes all new accounts members of this team when they join.
Default roles: none
- 使用者
Default team for all users.
By default, automatic team assignment makes all new accounts members of this team when they join.
默認角色: Power user
- 校對
复核員的群組(參見 翻譯工作流 )。
默認角色: Review strings
- 管理員
Group for administrators.
Default roles: Administration
警告
Never remove the predefined Weblate teams and users as this can lead to unexpected problems! If you have no use for them, you can removing all their privileges instead.
Additional access restrictions
If you want to use your Weblate installation in a less public manner, i.e. allow
new users on an invitational basis only, it can be done by configuring Weblate
in such a way that only known users have an access to it. In order to do so, you can set
REGISTRATION_OPEN
to False
to prevent registrations of any new
users, and set REQUIRE_LOGIN
to /.*
to require signing in to access
all the site pages. This is basically the way to lock your Weblate installation.
提示
You can use built-in New user invitation to add new users.