Changes between Version 20 and Version 21 of BluePrintAuthorization
- Timestamp: 06/19/10 14:57:03 (14 years ago)
BluePrintAuthorization
v20 v21 199 199 * A Person's Contacts shouldn't be visible by default. 200 200 * Authenticated is OK 201 * Simply add the Authenticated group (2) to the table (or records in the table ?)201 * Simply add the Authenticated group (2) to the table (or records in the table if using Option 3) 202 202 * ~~This requires all authenticated users to be added to the 'Authenticated' group~~ 203 203 204 204 * A Person's Subscriptions shouldn't be visible by default. 205 205 * Admin or themselves is OK 206 * This requires thedefault of adding 1 group per user!207 * In {{{models/00_settings.py}}}: {{{auth.settings.create_user_groups = False}}}206 * Option A: restore the web2py default of adding 1 group per user! 207 * In {{{models/00_settings.py}}}: {{{auth.settings.create_user_groups = True}}} 208 208 * Check using {{{auth.user_group(auth.user.id)}}} 209 209 * Filter these out of our views? 210 * Option B: use the link from subscription to person & do manual check somewhere 211 * ''tbc'' 212 * We may want to allow people to be subscribed to things by others. 213 * This would need a 'Subscriber Admin' role 214 * We could give this role to all registered users by default if we Hook into the registration onaccept 215 * Currently this requires modifying {{{shn_register()}}} in {{{modules/sahana.py}}} 210 216 211 217 * An Admin should be able to restrict access to records to just those within a certain GIS location (e.g. Country or Region) 218 * Add a special role 'Geographic' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this) 219 * Patch {{{shn_has_permission()}}} & {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict) 212 220 213 221 * If access to a record is restricted then access to messages relating to that record should also be restricted
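Review bot: New lines 212-214 propose giving the 'Subscriber Admin' role to all registered users by default, which sits badly with line 205 ("Admin or themselves is OK") unless the role is limited to creating subscriptions for others and grants no read access to a person's existing subscriptions. Suggest stating on line 213 exactly what the role permits, and keeping the registration `onaccept` grant out of the default until that is defined. Option B on lines 210-211 is still ''tbc'', so it should say where the manual check runs before it can be weighed against Option A. On line 219, spell out that when no other roles match and the lookup in the other table (or deployment_settings dict) finds no entry, `shn_has_permission()` and `shn_accessible_query()` deny access, so the 'Geographic' special case can only narrow access and never widen it.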