Changes between Version 20 and Version 21 of BluePrintAuthorization


Timestamp:
06/19/10 14:57:03 (14 years ago)
Author:
Fran Boon
Comment:

--

  • BluePrintAuthorization

    v20 v21  
    199199 * A Person's Contacts shouldn't be visible by default.
    200200  * Authenticated is OK
    201    * Simply add the Authenticated group (2) to the table (or records in the table?)
     201   * Simply add the Authenticated group (2) to the table (or records in the table if using Option 3)
    202202   * ~~This requires all authenticated users to be added to the 'Authenticated' group~~
    203203
    204204 * A Person's Subscriptions shouldn't be visible by default.
    205205  * Admin or themselves is OK
    206    * This requires the default of adding 1 group per user!
    207     * In {{{models/00_settings.py}}}: {{{auth.settings.create_user_groups = False}}}
     206   * Option A: restore the web2py default of adding 1 group per user!
     207    * In {{{models/00_settings.py}}}: {{{auth.settings.create_user_groups = True}}}
    208208    * Check using {{{auth.user_group(auth.user.id)}}}
    209209    * Filter these out of our views?
     210   * Option B: use the link from subscription to person & do manual check somewhere
     211    * ''tbc''
     212  * We may want to allow people to be subscribed to things by others.
     213   * This would need a 'Subscriber Admin' role
     214    * We could give this role to all registered users by default if we Hook into the registration onaccept
     215     * Currently this requires modifying {{{shn_register()}}} in {{{modules/sahana.py}}}
    210216
    211217 * An Admin should be able to restrict access to records to just those within a certain GIS location (e.g. Country or Region)
     218  * Add a special role 'Geographic' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this)
     219   * Patch {{{shn_has_permission()}}} & {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict)
    212220
    213221 * If access to a record is restricted then access to messages relating to that record should also be restricted
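
Review bot: Giving the 'Subscriber Admin' role to all registered users by default (v21 lines 212-214) conflicts with the rule on line 205 that only Admin or the person themselves is OK for a Person's Subscriptions, since every registered account would then hold a role that acts on other people's subscriptions. Suggest keeping 'Subscriber Admin' an explicitly granted role, or stating that it may create a subscription for someone else without being able to list or read that person's existing ones. On Option A (v21 lines 206-207), web2py creates the per-user group at registration, so accounts registered while {{{auth.settings.create_user_groups = False}}} was in effect have no such group; the blueprint should say what the {{{auth.user_group(auth.user.id)}}} check does for them, or call for backfilling their groups. For the 'Geographic' role (v21 lines 218-219), please state that both {{{shn_has_permission()}}} and {{{shn_accessible_query()}}} deny when the location lookup finds no match, so that the per-record check and the list query apply the same rule.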