Changes between Version 24 and Version 25 of BluePrintAuthorization


Timestamp:
06/19/10 15:17:22 (14 years ago)
Author:
Fran Boon
Comment:

--

  • BluePrintAuthorization

    v24 v25  
    225225     * Currently this requires modifying {{{shn_register()}}} in {{{modules/sahana.py}}}
    226226
    227  * An Admin should be able to restrict access to records to just those within a certain GIS location (e.g. Country or Region)
     227 * A Developer should be able to restrict access to records to just those within a certain GIS location (e.g. Country or Region)
    228228  * Add a special role 'Geographic' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this)
    229    * Patch {{{shn_has_permission()}}} & {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict)
    230 
    231  * An Admin should be able to restrict access to records to just those within a certain organisation (or the Focal Point for the organisation)
     229   * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict)
     230
     231 * A Developer should be able to restrict access to records to just those within a certain organisation (or the Focal Point for the organisation)
    232232  * Add a special role 'Organisation' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this)
    233    * Patch {{{shn_has_permission()}}} & {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict)
     233   * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict)
     234
     235 * A Developer should be able to restrict access to records to just those which the person created
     236  * Add a special role 'Creator' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this)
     237   * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a check between {{{auth.user.id}}} & {{{table.created_by}}}
    234238
    235239 * If access to a record is restricted then access to messages relating to that record should also be restricted
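
Review bot: On new lines 229, 233 and 237, patching {{{shn_accessible_query()}}} is downgraded to "maybe" while patching {{{shn_has_permission()}}} stays required, so the two functions can end up disagreeing about the 'Geographic', 'Organisation' and 'Creator' roles. If only the per-record check recognises these roles, the set of records returned by the accessible-records query will not match what the permission check allows. I'd either keep both patches required, as v24 had it, or state which function is authoritative for these special roles. The 'Creator' item on line 237 should also say what the result is when there is no logged-in user, since the check compares {{{auth.user.id}}} with {{{table.created_by}}}.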