Changes between Version 14 and Version 15 of BluePrintAuthorization
- Timestamp: 06/18/10 21:08:43 (13 years ago)
BluePrintAuthorization
v14 v15 49 49 * Add 2 reusable {{{multiple=True}}} fields to each table which needs this: {{{reader_id}}} & {{{writer_id}}} combined as {{{permissions_id}}} 50 50 * Full backward compatibility since they default to None 51 * reader_id checked with a new API function 51 * reader_id checked with a new API function (called from shn_read() & shn_list(), but also available for other functions) 52 52 * combine with the {{{deleted==True}}} check? 53 53 * makes it easier to then replace that check with an 'inactive' field which is a date instead of a boolean, so that records can be set to expire (as well as giving us easy access to know when a record was deleted) … … 93 93 * Advantage: Might have better performance than complex DB string? 94 94 * Disadvantage: More records pulled from DB than necessary 95 * writer_id check : All Write access goes via S3XRC so can be checked there (we can also develop an API call for Manual DAL access?)95 * writer_id checked with a new API function (called from shn_update(), but also available for other functions) 96 96 * UI to manage the fields. 97 97 * We expect relatively few groups per instance, so can use the checkboxes widget? 98 98 * Have a single checkbox for 'Restrict access' which then opens out the 2 fields. 99 99 100 === Specific Examples === 100 101 * A Person's Contacts shouldn't be visible by default. … … 102 103 * Simply add the Authenticated group (2) to the table (or records in the table?) 103 104 * ~~This requires all authenticated users to be added to the 'Authenticated' group~~ 105 104 106 * A Person's Subscriptions shouldn't be visible by default. 105 107 * Admin or themselves is OK 106 108 * This requires the default of adding 1 group per user!? 109 107 110 * An Admin should be able to restrict access to records to just those within a certain GIS location (e.g. 
Country or Region) 111 108 112 * If access to a record is restricted then access to messages relating to that record should also be restricted 109 113 * unless routed somewhere visible as well! 110 114 * onaccept on message routing (tagging) to check if the only tags are on restricted resources...if they are then restrict the message too. 115 111 116 * Some tables should be writable by unauthenticated users (writable=|0|) 112 117 * Need special handling for this in shn_create/shn_update? 118 * Might need to differentiate the 2 (can deposit new but not edit existing) 113 119 ---- 114 120 BluePrintAuthenticationAccess
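Review bot: The reworded reader_id item (v15 line 51) names its callers, shn_read() and shn_list(), but still gives the new API function no name and does not say what it returns. Line 52 asks whether to combine it with the {{{deleted==True}}} check, which only works if the function yields a query filter and not a per-record yes/no, so the return type should be stated here. "but also available for other functions" reads as opt-in; say whether any other code path that returns records is required to call it.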
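Review bot: The replacement writer_id item (v15 line 95) drops two things the v14 text carried: the statement that all write access goes via S3XRC, and the open question about an API call for manual DAL access. With shn_update() as the only named caller, creates and deletes are not covered, although line 117 already mentions shn_create. Suggest listing every write entry point that calls the check and keeping the manual DAL question as an open item instead of deleting it.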
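Review bot: The added item at v15 line 118 ("can deposit new but not edit existing") states a requirement that the fields described above do not yet cover: there is a single writer_id field, and line 95 has it checked from shn_update() only. Suggest spelling out which check applies in shn_create for a {{{writable=|0|}}} table and how the same unauthenticated user is then refused in shn_update, or phrasing the item as an open question like the one on line 117.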