== Roles ==
Roles are stored in the {{{auth_group}}} table.

These have no links to the groups in {{{pr_group}}}.

We are currently adopting a simple 3-tier approach of Person -> Role -> Permissions.

We consider the 4-tier approach of Person -> Group -> Role -> Permissions unnecessarily complex for users, even though it is very flexible and would let advanced admins move persons into roles in bulk, including future members of the group.

Roles for the currently logged-in user are cached in the session for easy access throughout Models, Controllers & Views.
In {{{models/00_utils.py}}}:
{{{
def shn_sessions():
    ...
    roles = []
    try:
        user_id = auth.user.id
        _memberships = db.auth_membership
        # Look up the role (group) ids held by this user; the result is cached in RAM
        memberships = db(_memberships.user_id == user_id).select(_memberships.group_id, cache=(cache.ram, 60)) # 60s cache
        for membership in memberships:
            roles.append(membership.group_id)
    except AttributeError:
        # User not authenticated (auth.user is None) therefore has no roles other than '0'
        pass
    session.s3.roles = roles
}}}
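
The 60s cache above means a removed membership can still be returned until the cached entry ages out. The following is an added example, not code from this project: it models that window with an in-memory SQLite {{{auth_membership}}} table and shows explicit invalidation on revocation. {{{RoleCache}}}, {{{make_db}}}, {{{demo}}} and the sample user and role ids are assumptions made for the illustration.

```python
import sqlite3

TTL = 60  # seconds, matching the 60s cache in shn_sessions()

def make_db():
    # Constructed sample data: user 7 holds roles (groups) 1 and 3.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_membership (user_id INTEGER, group_id INTEGER)")
    db.executemany("INSERT INTO auth_membership VALUES (?, ?)", [(7, 1), (7, 3)])
    return db

class RoleCache:
    """Per-user role cache with a TTL and explicit invalidation (hypothetical helper)."""

    def __init__(self, db, ttl=TTL):
        self.db, self.ttl, self._entries = db, ttl, {}

    def roles(self, user_id, now):
        """Return the user's role ids, re-querying once the entry is older than ttl."""
        if user_id is None:
            return []  # not authenticated: no roles
        hit = self._entries.get(user_id)
        if hit and now - hit[0] < self.ttl:
            return hit[1]
        rows = self.db.execute(
            "SELECT group_id FROM auth_membership WHERE user_id = ? ORDER BY group_id",
            (user_id,))
        roles = [r[0] for r in rows]
        self._entries[user_id] = (now, roles)
        return roles

    def revoke(self, user_id, group_id, invalidate=True):
        """Delete a membership; invalidating makes the change visible at once."""
        self.db.execute(
            "DELETE FROM auth_membership WHERE user_id = ? AND group_id = ?",
            (user_id, group_id))
        if invalidate:
            self._entries.pop(user_id, None)

def demo():
    cache = RoleCache(make_db())
    before = cache.roles(7, now=0)          # queried and cached
    cache.revoke(7, 3, invalidate=False)    # row deleted, cache left alone
    stale = cache.roles(7, now=30)          # inside the TTL: role 3 still returned
    expired = cache.roles(7, now=61)        # entry aged out: re-queried
    cache.revoke(7, 1)                      # revoke and invalidate together
    immediate = cache.roles(7, now=62)      # change visible on the next lookup
    return before, stale, expired, immediate
```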