Changes between Version 57 and Version 58 of BluePrintAuthorization
- Timestamp:
- 06/19/10 21:03:57 (14 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
BluePrintAuthorization
v57 v58 316 316 317 317 * '''FRP''': a request that has been submitted by an IP user can be completely changed as well as cancelled/deleted by IP users belonging to the same organisation, but only until a WFP user has confirmed the request - after that the IP users can only change certain fields in the record, and not delete the record anymore. 318 * ''tbc'' 318 * Field in requests table 'confirmed' which is writable=False unless role==WFP 319 * onvalidation for requests does a check whether confirmed is set &, if it is, only allows the relevant fields to be changed & denies deletion 319 320 320 321 * '''FRP''': if a user has a role which would normally be granted permission to a resource has another role, then deny them access instead. 321 322 * {{{shn_role_check}}} covers this: [wiki:BluePrintAuthorization#Functionrestriction] 322 323 * Option: Introduce full-blown model of Persons -> Groups (pr_group) -> Roles (auth_group) -> Permissions 324 * Downside: Extra layer of confusion for both Admins & Developers 325 * Upside: Very flexible for Admins to manage which users (in bulk & future members) get what access to resources (subject to sufficient roles being made available by the developer) 323 326 ---- 324 327 BluePrintAuthenticationAccess