Changes between Initial Version and Version 1 of DeveloperGuidelines/Organisations

03/21/11 04:49:22 (11 years ago)
Michael Howden



  • DeveloperGuidelines/Organisations

    v1 v1  
     2= Organisation Developer Guidelines =
     4== Site Super Entity == 
     5The following are instances of the site super entity: 
     6 * org_office 
     7 * cr_shelter 
     8 * hms_hospital 
     9The Site Super Entity allows the following components to be shared between these resources through the use of a single foreign key ({{{site_id}}}): 
     10 * org_staff 
     11 * inv_inv_item 
     12 * inv_recv 
     13 * inv_send 
     14 * req_req 
     15 * req_commit 
     17== Staff Permissions == 
     18Staff ({{{org_staff}}}) can be added as components of site instances (offices, hospitals and shelters) and organisations. There are a number of Use Cases where you may want to apply permissions based on the staff of a resource: 
     19 * Only staff of an organisation have permissions (READ, CREATE, UPDATE and/or DELETE) for their organisation resource. 
     20 * Only staff stationed at a certain site have permissions (READ, CREATE, UPDATE and/or DELETE) for their site resource. 
     22For further flexibility, there are 2 boolean fields for staff: 
     23 * {{{no_access}}} - If this is true, this staff member has no additional privileges (labelled as 'Read-only') 
     24 * {{{supervisor}}} - This gives the options for more permissive permissions for some staff. 
     26If a user creates a resource (Site or Organisation) then they are automatically given the Supervisor role for that resource. 
     28The roles are created by the {{{shn_create_record_roles}}} function in {{{models/}}}, which can be called from an org or site create_onaccept by configuring the model as following: 
     30# Create roles for each organisation / site instance 
     32                       create_onaccept = shn_staff_join_onaccept_func(tablename))   
     34(This code should be called after the resource table is defined in the model) 
     36=== Enabling Staff Permissions === 
     37 1. Set: 
     38 {{{ = 3 # Controller-ACLs. 4 & 5 will also work = True = Permissions for staff role: Create, Read, Update & or Delete = Permissions for supervisor role: Create, Read, Update & or Delete 
     43("org", Storage( 
     44    .... 
     45    restricted = True, 
     47 2. When a new organisation or site instance is created:  
     48  i. New roles (staff & supervisor) are automatically created for that record (tablename_recordid Staff of recordname & tablename_recordid Supervisors of recordname). 
     49  i. The current user is added as a member of both of those roles. 
     51 3. Add staff to organisations and sites to grant them the appropriate permissions 
     53=== Inheriting Permissions === 
     54To allow other components inherit the same permissions as the primary resource, the following function can be called, to add a onaccept function which will copy the "owned_by_role" from the primary resource. This onaccept should be added to the onaccept for the component resource.  
     56# Update owned_by_role to the site's owned_by_role     
     58    table,  
     59    onaccept = shn_component_copy_role_func(component_name = tablename,  
     60                                            resource_name = "org_site",  
     61                                            fk = "site_id", 
     62                                            pk = "site_id") 
     66The staff component resource itself currently inherit permissions from sites not organisations, because this is LESS permissive. This may need to become a deployment setting. 
     68== Inventory Management == 
     69Inventories can be added to any site instance, by adding {{{shn_show_inv_tabs(r)}}} to the rheader tabs for that site instance.