Changes between Version 50 and Version 51 of S3/S3AAA/OrgAuth


Ignore:
Timestamp:
09/13/12 21:47:49 (12 years ago)
Author:
Dominic König
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • S3/S3AAA/OrgAuth

    v50 v51  
    4343=== Realms ===
    4444
    45 The '''realm''' of a person entity is the set of all records controlled ("owned") by this entity (="their data").  The realm which a particular record belongs to is encoded as person entity ID (pe_id) in the owned_by_entity field in this record. The "owned_by_entity" field - if present in the table - gets automatically populated in CRUD and Imports (during create), using the auth.s3_set_record_owner method.
     45The '''realm''' of a person entity is the set of all records controlled ("owned") by this entity (="their data").  The realm which a particular record belongs to is encoded as person entity ID (pe_id) in the {{{realm_entity}}} field in this record. The "realm_entity" field - if present in the table - gets automatically populated in CRUD and Imports (during create), using the auth.s3_set_record_owner method.
    4646
    4747The entity whose realm a record will belong to will be calculate according to the following (in order of decreasing priority):
    4848
    49 ==== 1. 'Global 'auth.owner_entity''' function: ====
    50 It is possible to set a global method for the owner_entity hook in the config.py of the respective template:
     49==== 1. 'Global 'auth.realm_entity''' function: ====
     50It is possible to set a global method for the realm_entity hook in the config.py of the respective template:
    5151{{{
    52 settings.auth.owner_entity = function
     52settings.auth.realm_entity = function
    5353}}}
    54 The global function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the owner entity.
    55 ==== 2. Table '''owner_entity''' function: ====
     54The global function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the realm entity.
     55==== 2. Table '''realm_entity''' function: ====
    5656{{{
    5757s3db.configure(tablename,
    58                owner_entity = function_or_lambda)
     58               realm_entity = function_or_lambda)
    5959}}}
    60 The table function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the owner entity.
    61 '''NOTE:''' As the global owner_entity function overrides any table-specific setting (this is deliberate), to retain a table specific setting, you must repeat it in the global owner_entity function.
     60The table function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the realm entity.
     61'''NOTE:''' As the global realm_entity function overrides any table-specific setting (this is deliberate), to retain a table specific setting, you must repeat it in the global realm_entity function.
    6262==== 4. {{{pe_id}}} field in record ====
    6363
     
    8383[[Image(orgauth2.png)]]
    8484
    85 In this list there is also an entry for '''All Entities''' which means that this role assignment is ''not'' restricted to a realm, but applies ''site-wide'' (=for all records regardless of their respective owner entity).
     85In this list there is also an entry for '''All Entities''' which means that this role assignment is ''not'' restricted to a realm, but applies ''site-wide'' (=for all records regardless of their respective realm entity).
    8686
    8787The entry '''Default Realm''' means all entities the user is (or will be) an organisation unit of at the time of the request authorization.
     
    9595}}}
    9696
    97 This can either be a list of the PE IDs (=this role applies for all records where ''owned_by_entity'' belongs to this list) or None (=this role applies site-wide).
     97This can either be a list of the PE IDs (=this role applies for all records where ''realm_entity'' belongs to this list) or None (=this role applies site-wide).
    9898=== Realm Hierarchy ===
    9999