Changes between Version 44 and Version 45 of S3/S3AAA/OrgAuth
- Timestamp:
- 09/08/12 05:11:27 (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
S3/S3AAA/OrgAuth
v44 v45 43 43 === Realms === 44 44 45 The '''realm''' of a person entity is the set of all records controlled ("owned") by this entity (="their data"). Which entity gains control over a record can be defined per record type, and even as deployment options. The realm which a particular record belongs to is encoded as person entity ID (pe_id) in the owned_by_entity field in this record.45 The '''realm''' of a person entity is the set of all records controlled ("owned") by this entity (="their data"). The realm which a particular record belongs to is encoded as person entity ID (pe_id) in the owned_by_entity field in this record. The "owned_by_entity" field - if present in the table - gets automatically populated in CRUD and Imports (during create), using the auth.s3_set_record_owner method. 46 46 47 The "owned_by_entity" field - if present in the table - gets automatically populated in CRUD and Imports (during create), using the auth.set_record_owner method. This method can be influenced by the '''owner_entity''' table hook:47 The entity whose realm a record will belong to will be calculate according to the following (in order of decreasing priority): 48 48 49 ==== 1. 'Global 'auth.owner_entity''' function: ==== 50 It is possible to set a global method for the owner_entity hook in the config.py of the respective template: 51 {{{ 52 settings.auth.owner_entity = function 53 }}} 54 The global function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the owner entity. 55 ==== 2. Table '''owner_entity''' function: ==== 49 56 {{{ 50 57 s3db.configure(tablename, 51 58 owner_entity = function_or_lambda) 52 59 }}} 53 54 The hook function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the owner entity. 55 56 It is possible to set a global method for the owner_entity hook in the config.py of the respective template: 57 {{{ 58 settings.auth.owner_entity = function 59 }}} 60 61 '''NOTE:''' the global owner_entity setting overrides any table-specific setting (this is deliberate), i.e. to retain a table specific setting, you must repeat it in the global hook function. 60 The table function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the owner entity. 61 '''NOTE:''' As the global owner_entity function overrides any table-specific setting (this is deliberate), to retain a table specific setting, you must repeat it in the global owner_entity function. 62 ==== 4. {{{pe_id}}} field in record ==== 63 ==== 5. {{{organisation_id}}} field in record ==== 64 ==== 6. {{{site_id}}} field in record ==== 65 ==== 7. {{{group_id}}} field in record ==== 66 ==== 8. User's Organisation ==== 67 ''Proposed'' 68 ==== 9. User ==== 69 ''Proposed'' 70 ==== 10. None ==== 71 ''Proposed to be removed'' 72 If none of the above apply, then the record will not belong to any realm and can be accessed by all realms 62 73 === Role Restrictions === 63 74