Changes between Version 29 and Version 30 of BluePrintAuthorization


Timestamp:
06/19/10 17:03:50 (14 years ago)
Author:
Fran Boon
Comment:

--

  • BluePrintAuthorization

    v29 v30  
    232232   * NB If doing this then the roles checks inside {{{shn_has_permission()}}} & {{{shn_accessible_fields()}}} should be modified to read this global value instead of more DAL queries (even cached)!
    233233
    234  * A Developer should be able to restrict access to records to just those within a certain '''GIS Location''' (e.g. Country or Region)
     234 * A Developer should be able to restrict access to records to just those within a certain '''GIS Location''' (e.g. Country or Region):
    235235  * Add a special role 'Geographic' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this)
    236236   * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict)
    237237
    238  * A Developer should be able to restrict access to records to just those within a certain ''Organisation'''
     238 * A Developer should be able to restrict access to records to just those within a certain '''Organisation''':
    239239  * This could be all members of the Organisation or just the 'Focal Point'
    240240  * Add a special role 'Organisation' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this)
    241241   * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a lookup in another table (or deployment_settings dict)
    242242
    243  * A Developer should be able to restrict access to records to just those which the person created
     243 * A Developer should be able to restrict access to records to just those which the person '''Created''':
    244244  * Add a special role 'Creator' which can be added to {{{writer_id}}} (& maybe {{{reader_id}}} although less use case for this)
    245245   * Patch {{{shn_has_permission()}}} & maybe {{{shn_accessible_query()}}} to spot this special case &, if no other roles match, then do a check between {{{auth.user.id}}} & {{{table.created_by}}}
     246
     247 * Ideally options which a user doesn't have permission for should be hidden from them.
     248  * ~~Modules are hidden from Modules menu & front page~~
     249  * ~~Action buttons in tables only show 'Details' for unauthenticated users, but 'Update'/'Delete' for authenticated ones~~
     250   * ideally would distinguish per record if some records restricted (We already pull the data for the rows, so need to ensure SQL query includes relevant fields & that we act upon them)
     251  * Controller menus should be adjusted (currently done manually => harder maintenance)
     252  * Views should be adjusted (currently done manually => harder maintenance)
    246253
    247254=== Specific Examples ===
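Review bot: The new "options which a user doesn't have permission for should be hidden" list (new lines 247-252) describes hiding modules, action buttons, controller menus and views, but never states that the hidden actions remain enforced on the server. Suggest adding a sub-bullet saying that the menus and buttons only reflect the result of shn_has_permission() and that the controller still runs that check on every request, so that a hidden 'Update'/'Delete' is also refused when requested directly. On new line 250, the per-record distinction should call the same check that implements the 'Geographic', 'Organisation' and 'Creator' special cases above rather than a separate test in the view; otherwise what is displayed and what is enforced can drift apart. Minor style point: line 250 starts with lowercase "ideally", unlike its sibling bullets.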