Changes between Version 29 and Version 30 of BluePrintAuthorization
Timestamp: 06/19/10 17:03:50 (15 years ago)
BluePrintAuthorization
v29 v30 232 232 * NB If doing this then the roles checks inside {{{shn_has_permission()}}} & {{{shn_accessible_fields()}}} should be modified to read this global value instead of more DAL queries (even cached)! 233 233 234 * A Developer should be able to restrict access to records to just those within a certain '''GIS Location''' (e.g. Country or Region) 234 * A Developer should be able to restrict access to records to just those within a certain '''GIS Location''' (e.g. Country or Region): 235 235 * Add a special role 'Geographic' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this) 236 236 * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict) 237 237 238 * A Developer should be able to restrict access to records to just those within a certain '' Organisation'''238 * A Developer should be able to restrict access to records to just those within a certain '''Organisation''': 239 239 * This could be all members of the Organisation or just the 'Focal Point' 240 240 * Add a special role 'Organisation' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this) 241 241 * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict) 242 242 243 * A Developer should be able to restrict access to records to just those which the person created243 * A Developer should be able to restrict access to records to just those which the person '''Created''': 244 244 * Add a special role 'Creator' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this) 245 245 * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a check between 
{{{auth.user.id}}} & {{{table.created_by}}} 246 247 * Ideally options which a user doesn't have permission for should be hidden from them. 248 * ~~Modules are hidden from Modules menu & front page~~ 249 * ~~Action buttons in tables only show 'Details' for unauthenticated users, but 'Update'/'Delete' for authenticated ones~~ 250 * ideally would distinguish per record if some records restricted (We already pull the data for the rows, so need to ensure SQL query includes relevant fields & that we act upon them) 251 * Controller menus should be adjusted (currently done manually => harder maintenance) 252 * Views should be adjusted (currently done manually => harder maintenance) 246 253 247 254 === Specific Examples ===
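
Review bot: The new block at v30 lines 247-252 treats hiding menus, action buttons and views as the goal, but it never says that the hidden actions stay protected on the server. Please add a bullet stating that the controllers still call {{{shn_has_permission()}}} for every 'Update'/'Delete' request, so the hiding is a usability layer on top of the check and not a replacement for it. This matters most for the per-record bullet at line 250: if the row query and the button rendering decide visibility on their own, they can drift from what {{{shn_has_permission()}}} and {{{shn_accessible_query()}}} enforce, so the text should say the UI reuses those functions rather than re-implementing the rules. Separately, the three special roles at lines 234-245 all say "if no other roles match, then do a lookup/check" without giving the result when that lookup finds nothing or when there is no logged-in user for the {{{auth.user.id}}} vs {{{table.created_by}}} comparison; state explicitly that these cases deny access.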