== Roles ==
Roles are stored in the {{{auth_group}}} table.

These have no links to the groups in {{{pr_group}}}.

We are currently adopting a simplistic 3-tier approach of Person -> Role -> Permissions.

We consider the 4-tier approach of Person -> Group -> Role -> Permissions to be unnecessarily complex for users, even though it gives strong flexibility and would let advanced admins move persons into roles in bulk, including future members of the group.

Roles for the currently logged-in user are cached in the session for easy access throughout Models, Controllers & Views.
In {{{models/00_utils.py}}}:
{{{
def shn_sessions():
    ...
    roles = []
    try:
        # auth.user is None when nobody is logged in, so this raises
        user_id = auth.user.id
        _memberships = db.auth_membership
        # Membership lookup is cached in RAM, so changes can take up to 60s to show
        memberships = db(_memberships.user_id == user_id).select(_memberships.group_id, cache=(cache.ram, 60)) # 60s cache
        for membership in memberships:
            roles.append(membership.group_id)
    except:
        # User not authenticated therefore has no roles other than '0'
        # (bare except: any other failure here also leaves roles empty)
        pass
    session.s3.roles = roles
}}}
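The 60s cache on the membership query means a revoked role can stay in the session role list until the cached result expires. The following is an added example, not code from the project: it models that window with an in-memory table and a TTL cache, and shows invalidating on membership change as one way to close it. `MEMBERSHIPS`, `RoleCache`, `load_session_roles` and `revoke` are hypothetical names, and it assumes the role list is reloaded on every request.

```python
import time

# Constructed stand-in for auth_membership: user_id -> set of group (role) ids.
MEMBERSHIPS = {7: {1, 4}}
CACHE_TTL = 60  # seconds, matching the 60s cache on the select() above

class RoleCache:
    """Minimal TTL cache keyed by user_id (hypothetical stand-in for cache.ram)."""
    def __init__(self, ttl=CACHE_TTL, clock=time.monotonic):
        self.ttl, self.clock, self._store = ttl, clock, {}

    def roles_for(self, user_id):
        hit = self._store.get(user_id)
        if hit and self.clock() - hit[0] < self.ttl:
            return hit[1]  # may be stale for up to ttl seconds
        roles = sorted(MEMBERSHIPS.get(user_id, ()))
        self._store[user_id] = (self.clock(), roles)
        return roles

    def invalidate(self, user_id):
        self._store.pop(user_id, None)

def load_session_roles(session, user_id, cache):
    """Per-request refresh of the session role list; no user means no roles."""
    session["roles"] = cache.roles_for(user_id) if user_id is not None else []
    return session["roles"]

def revoke(user_id, role, cache=None):
    """Remove a membership; pass the cache to drop the stale entry at once."""
    MEMBERSHIPS.get(user_id, set()).discard(role)
    if cache is not None:
        cache.invalidate(user_id)

def demo():
    MEMBERSHIPS[7] = {1, 4}                      # reset constructed data
    now = [0.0]                                  # fake clock for the demo
    cache, session = RoleCache(clock=lambda: now[0]), {}
    before = load_session_roles(session, 7, cache)
    revoke(7, 4)                                 # revoked, cache untouched
    now[0] = 30
    stale = load_session_roles(session, 7, cache)    # role 4 still granted
    now[0] = 61
    expired = load_session_roles(session, 7, cache)  # cache expired, role gone
    MEMBERSHIPS[7].add(4)
    cache.invalidate(7)
    load_session_roles(session, 7, cache)        # role 4 cached again
    revoke(7, 4, cache)                          # revoked with invalidation
    return before, stale, expired, load_session_roles(session, 7, cache)
```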