Changes between Version 20 and Version 21 of BluePrintAuthorization

Timestamp:

06/19/10 14:57:03 (14 years ago)

Author:

Fran Boon

Comment:

--

BluePrintAuthorization

@@ -199 +199 @@
  * A Person's Contacts shouldn't be visible by default.
   * Authenticated is OK
-   * Simply add the Authenticated group (2) to the table (or records in the table?)
+   * Simply add the Authenticated group (2) to the table (or records in the table if using Option 3)
    * ~~This requires all authenticated users to be added to the 'Authenticated' group~~
 
  * A Person's Subscriptions shouldn't be visible by default.
   * Admin or themselves is OK
-   * This requires the default of adding 1 group per user!
-    * In {{{models/00_settings.py}}}: {{{auth.settings.create_user_groups = False}}}
+   * Option A: restore the web2py default of adding 1 group per user!
+    * In {{{models/00_settings.py}}}: {{{auth.settings.create_user_groups = True}}}
     * Check using {{{auth.user_group(auth.user.id)}}}
     * Filter these out of our views?
+   * Option B: use the link from subscription to person & do manual check somewhere
+    * ''tbc''
+  * We may want to allow people to be subscribed to things by others.
+   * This would need a 'Subscriber Admin' role
+    * We could give this role to all registered users by default if we Hook into the registration onaccept
+     * Currently this requires modifying {{{shn_register()}}} in {{{modules/sahana.py}}}
 
  * An Admin should be able to restrict access to records to just those within a certain GIS location (e.g. Country or Region)
+  * Add a special role 'Geographic' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this)
+   * Patch {{{shn_has_permission()}}} & {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict)
 
  * If access to a record is restricted then access to messages relating to that record should also be restricted