29 | | create : deployment_settings.auth.roles["AdvancedJS"], # This resource requires the 'AdvancedJS' role to create (or admin) |
30 | | delete : deployment_settings.auth.roles["AdvancedJS"], # This resource requires the 'AdvancedJS' role to delete (or admin) |
31 | | update : deployment_settings.auth.roles["AdvancedJS"], # This resource requires the 'AdvancedJS' role to update (or admin) |
| 29 | create : "|%d|" % deployment_settings.auth.roles["AdvancedJS"], # This resource requires the 'AdvancedJS' role to create (or admin) |
| 30 | delete : "|%d|" % deployment_settings.auth.roles["AdvancedJS"], # This resource requires the 'AdvancedJS' role to delete (or admin) |
| 31 | update : "|%d|" % deployment_settings.auth.roles["AdvancedJS"], # This resource requires the 'AdvancedJS' role to update (or admin) |
226 | | * NB If doing this then the roles checks inside {{{shn_has_permission()}}} & {{{shn_accessible_fields()}}} should be modified to read this global value |
| 232 | * NB If doing this then the roles checks inside {{{shn_has_permission()}}} & {{{shn_accessible_fields()}}} should be modified to read this global value instead of more DAL queries (even cached)! |
| 233 | |
| 234 | * A Developer should be able to restrict access to records to just those within a certain '''GIS Location''' (e.g. Country or Region) |
| 235 | * Add a special role 'Geographic' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this) |
| 236 | * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict) |
| 237 | |
| 238 | * A Developer should be able to restrict access to records to just those within a certain ''Organisation''' |
| 239 | * This could be all members of the Organisation or just the 'Focal Point' |
| 240 | * Add a special role 'Organisation' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this) |
| 241 | * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict) |
| 242 | |
| 243 | * A Developer should be able to restrict access to records to just those which the person created |
| 244 | * Add a special role 'Creator' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this) |
| 245 | * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a check between {{{auth.user.id}}} & {{{table.created_by}}} |
247 | | * A Developer should be able to restrict access to records to just those within a certain GIS location (e.g. Country or Region) |
248 | | * Add a special role 'Geographic' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this) |
249 | | * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict) |
250 | | |
251 | | * A Developer should be able to restrict access to records to just those within a certain organisation (or the Focal Point for the organisation) |
252 | | * Add a special role 'Organisation' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this) |
253 | | * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict) |
254 | | |
255 | | * A Developer should be able to restrict access to records to just those which the person created |
256 | | * Add a special role 'Creator' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this) |
257 | | * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a check between {{{auth.user.id}}} & {{{table.created_by}}} |
258 | | |