Changes between Version 14 and Version 15 of BluePrintAuthorization


Ignore:
Timestamp:
06/18/10 21:08:43 (14 years ago)
Author:
Fran Boon
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • BluePrintAuthorization

    v14 v15  
    4949  * Add 2 reusable {{{multiple=True}}} fields to each table which needs this: {{{reader_id}}} & {{{writer_id}}} combined as {{{permissions_id}}}
    5050   * Full backward compatibility since they default to None
    51   * reader_id checked with a new API function
     51  * reader_id checked with a new API function (called from shn_read() & shn_list(), but also available for other functions)
    5252   * combine with the {{{deleted==True}}} check?
    5353    * makes it easier to then replace that check with an 'inactive' field which is a date instead of a boolean, so that records can be set to expire (as well as giving us easy access to know when a record was deleted)
     
    9393    * Advantage: Might have better performance than complex DB string?
    9494    * Disadvantage: More records pulled from DB than necessary
    95   * writer_id check: All Write access goes via S3XRC so can be checked there (we can also develop an API call for Manual DAL access?)
     95  * writer_id checked with a new API function (called from shn_update(), but also available for other functions)
    9696  * UI to manage the fields.
    9797   * We expect relatively few groups per instance, so can use the checkboxes widget?
    9898   * Have a single checkbox for 'Restrict access' which then opens out the 2 fields.
     99
    99100=== Specific Examples ===
    100101 * A Person's Contacts shouldn't be visible by default.
     
    102103   * Simply add the Authenticated group (2) to the table (or records in the table?)
    103104   * ~~This requires all authenticated users to be added to the 'Authenticated' group~~
     105
    104106 * A Person's Subscriptions shouldn't be visible by default.
    105107  * Admin or themselves is OK
    106108   * This requires the default of adding 1 group per user!?
     109
    107110 * An Admin should be able to restrict access to records to just those within a certain GIS location (e.g. Country or Region)
     111
    108112 * If access to a record is restricted then access to messages relating to that record should also be restricted
    109113  * unless routed somewhere visible as well!
    110114  * onaccept on message routing (tagging) to check if the only tags are on restricted resources...if they are then restrict the message too.
     115
    111116 * Some tables should be writable by unauthenticated users (writable=|0|)
    112117  * Need special handling for this in shn_create/shn_update?
     118   * Might need to differentiate the 2 (can deposit new but not edit existing)
    113119----
    114120BluePrintAuthenticationAccess