Changes between Version 44 and Version 45 of S3/S3AAA/OrgAuth


Ignore:
Timestamp:
09/08/12 05:11:27 (12 years ago)
Author:
Michael Howden
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • S3/S3AAA/OrgAuth

    v44 v45  
    4343=== Realms ===
    4444
    45 The '''realm''' of a person entity is the set of all records controlled ("owned") by this entity (="their data"). Which entity gains control over a record can be defined per record type, and even as deployment options. The realm which a particular record belongs to is encoded as person entity ID (pe_id) in the owned_by_entity field in this record.
     45The '''realm''' of a person entity is the set of all records controlled ("owned") by this entity (="their data").  The realm which a particular record belongs to is encoded as person entity ID (pe_id) in the owned_by_entity field in this record. The "owned_by_entity" field - if present in the table - gets automatically populated in CRUD and Imports (during create), using the auth.s3_set_record_owner method.
    4646
    47 The "owned_by_entity" field - if present in the table - gets automatically populated in CRUD and Imports (during create), using the auth.set_record_owner method. This method can be influenced by the '''owner_entity''' table hook:
     47The entity whose realm a record will belong to will be calculate according to the following (in order of decreasing priority):
    4848
     49==== 1. 'Global 'auth.owner_entity''' function: ====
     50It is possible to set a global method for the owner_entity hook in the config.py of the respective template:
     51{{{
     52settings.auth.owner_entity = function
     53}}}
     54The global function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the owner entity.
     55==== 2. Table '''owner_entity''' function: ====
    4956{{{
    5057s3db.configure(tablename,
    5158               owner_entity = function_or_lambda)
    5259}}}
    53 
    54 The hook function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the owner entity.
    55 
    56 It is possible to set a global method for the owner_entity hook in the config.py of the respective template:
    57 {{{
    58 settings.auth.owner_entity = function
    59 }}}
    60 
    61 '''NOTE:''' the global owner_entity setting overrides any table-specific setting (this is deliberate), i.e. to retain a table specific setting, you must repeat it in the global hook function.
     60The table function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the owner entity.
     61'''NOTE:''' As the global owner_entity function overrides any table-specific setting (this is deliberate), to retain a table specific setting, you must repeat it in the global owner_entity function.
     62==== 4. {{{pe_id}}} field in record ====
     63==== 5. {{{organisation_id}}} field in record ====
     64==== 6. {{{site_id}}} field in record ====
     65==== 7. {{{group_id}}} field in record ====
     66==== 8. User's Organisation ====
     67''Proposed''
     68==== 9. User ====
     69''Proposed''
     70==== 10. None ====
     71''Proposed to be removed''
     72If none of the above apply, then the record will not belong to any realm and can be accessed by all realms
    6273=== Role Restrictions ===
    6374