Changes between Version 64 and Version 65 of BluePrintAuthorization


Timestamp:
06/19/10 23:39:06 (11 years ago)
Author:
Fran Boon
Comment:

Add the Creator restriction field, and be safe by keeping the permissions fields & the authorstamp optional

  • BluePrintAuthorization

    v64 v65  
    147147
    148148 * For single records modify {{{shn_has_permission()}}} (called from {{{shn_create()}}}, {{{shn_delete()}}}, {{{shn_read()}}} & {{{shn_update()}}}, but also available for other functions)
     149  * Q: Can we merge this with the reading of the record to have a single DAL hit instead of 1 for the permissions check & another for the actual read?
    149150{{{
    150151def shn_has_permission(name, tablename, record_id = 0):
     
    201202        record = None
    202203
    203         if "deleted" in table.fields:
     204        _fields = table.fields
     205
     206        if "deleted" in  _fields:
    204207            # Check if record is deleted
    205             record = db(table.id == record_id).select(table.deleted, table.reader_id, table.writer_id, limitby=(0, 1)).first()
     208            if "reader_id" in _fields and "created_by" in _fields:
     209                record = db(table.id == record_id).select(table.deleted, table.reader_id, table.writer_id, table.created_by, limitby=(0, 1)).first()
     210            elif "reader_id" in _fields:
     211                record = db(table.id == record_id).select(table.deleted, table.reader_id, table.writer_id, limitby=(0, 1)).first()
     212            elif "created_by" in _fields:
     213                record = db(table.id == record_id).select(table.deleted, table.created_by, limitby=(0, 1)).first()
     214            else:
     215                record = db(table.id == record_id).select(table.deleted, limitby=(0, 1)).first()
     216
    206217            if record.deleted:
    207218                authorised = False
     
    214225
    215226        # Check the record's auth fields
     227        if not "reader_id" in _fields:
     228            # No record-level permissions (we assume that reader_id & writer_id fields always present/absent together via use of 'permissions_id')
     229            authorised = True
     230            return authorised
     231
    216232        if not record:
    217             record = db(table.id == record_id).select(table.reader_id, table.writer_id, limitby=(0, 1)).first()
     233            if "created_by" in _fields:
     234                record = db(table.id == record_id).select(table.reader_id, table.writer_id, table.created_by, limitby=(0, 1)).first()
     235            else:
     236                record = db(table.id == record_id).select(table.reader_id, table.writer_id, limitby=(0, 1)).first()
    218237        if name == "read":
    219238            if not table.reader_id:
     
    226245                    if restriction in roles:
    227246                        authorised = True
     247                    elif restriction == "2" and "created_by" in _fields:
     248                        # 'Creator' restriction
     249                        if auth.user.id == table.created_by:
     250                            authorised = True
    228251               
    229252        elif name in ["delete", "update"]:
     
    238261                        # restriction 0 is anonymous
    239262                        authorised = True
     263                    elif restriction == "2" and "created_by" in _fields:
     264                        # 'Creator' restriction
     265                        if auth.user.id == table.created_by:
     266                            authorised = True
    240267
    241268        else: