Changes between Version 57 and Version 58 of BluePrintAuthorization


Ignore:
Timestamp:
06/19/10 21:03:57 (11 years ago)
Author:
Fran Boon
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • BluePrintAuthorization

    v57 v58  
    316316
    317317 * '''FRP''': a request that has been submitted by an IP user can be completely changed as well as cancelled/deleted by IP users belonging to the same organisation, but only until a WFP user has confirmed the request - after that the IP users can only change certain fields in the record, and not delete the record anymore.
    318   * ''tbc''
     318  * Field in requests table 'confirmed' which is writable=False unless role==WFP
     319  * onvalidation for requests does a check whether confirmed is set &, if it is, only allows the relevant fields to be changed & denies deletion
    319320
    320321 * '''FRP''': if a user has a role which would normally be granted permission to a resource has another role, then deny them access instead.
    321322  * {{{shn_role_check}}} covers this: [wiki:BluePrintAuthorization#Functionrestriction]
    322 
     323  * Option: Introduce full-blown model of Persons -> Groups (pr_group) -> Roles (auth_group) -> Permissions
     324   * Downside: Extra layer of confusion for both Admins & Developers
     325   * Upside: Very flexible for Admins to manage which users (in bulk & future members) get what access to resources (subject to sufficient roles being made available by the developer)
    323326----
    324327BluePrintAuthenticationAccess