Changes between Version 50 and Version 51 of S3/S3AAA/OrgAuth
Timestamp: 09/13/12 21:47:49 (12 years ago)
S3/S3AAA/OrgAuth
v50 v51 43 43 === Realms === 44 44 45 The '''realm''' of a person entity is the set of all records controlled ("owned") by this entity (="their data"). The realm which a particular record belongs to is encoded as person entity ID (pe_id) in the owned_by_entity field in this record. The "owned_by_entity" field - if present in the table - gets automatically populated in CRUD and Imports (during create), using the auth.s3_set_record_owner method.45 The '''realm''' of a person entity is the set of all records controlled ("owned") by this entity (="their data"). The realm which a particular record belongs to is encoded as person entity ID (pe_id) in the {{{realm_entity}}} field in this record. The "realm_entity" field - if present in the table - gets automatically populated in CRUD and Imports (during create), using the auth.s3_set_record_owner method. 46 46 47 47 The entity whose realm a record will belong to will be calculate according to the following (in order of decreasing priority): 48 48 49 ==== 1. 'Global 'auth. owner_entity''' function: ====50 It is possible to set a global method for the owner_entity hook in the config.py of the respective template:49 ==== 1. 'Global 'auth.realm_entity''' function: ==== 50 It is possible to set a global method for the realm_entity hook in the config.py of the respective template: 51 51 {{{ 52 settings.auth. owner_entity = function52 settings.auth.realm_entity = function 53 53 }}} 54 The global function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the ownerentity.55 ==== 2. Table ''' owner_entity''' function: ====54 The global function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the realm entity. 55 ==== 2. 
Table '''realm_entity''' function: ==== 56 56 {{{ 57 57 s3db.configure(tablename, 58 owner_entity = function_or_lambda)58 realm_entity = function_or_lambda) 59 59 }}} 60 The table function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the ownerentity.61 '''NOTE:''' As the global owner_entity function overrides any table-specific setting (this is deliberate), to retain a table specific setting, you must repeat it in the global owner_entity function.60 The table function must accept {{{(table, row)}}} as parameters, and return the pe_id (Person Entity ID) of the realm entity. 61 '''NOTE:''' As the global realm_entity function overrides any table-specific setting (this is deliberate), to retain a table specific setting, you must repeat it in the global realm_entity function. 62 62 ==== 4. {{{pe_id}}} field in record ==== 63 63 … … 83 83 [[Image(orgauth2.png)]] 84 84 85 In this list there is also an entry for '''All Entities''' which means that this role assignment is ''not'' restricted to a realm, but applies ''site-wide'' (=for all records regardless of their respective ownerentity).85 In this list there is also an entry for '''All Entities''' which means that this role assignment is ''not'' restricted to a realm, but applies ''site-wide'' (=for all records regardless of their respective realm entity). 86 86 87 87 The entry '''Default Realm''' means all entities the user is (or will be) an organisation unit of at the time of the request authorization. … … 95 95 }}} 96 96 97 This can either be a list of the PE IDs (=this role applies for all records where '' owned_by_entity'' belongs to this list) or None (=this role applies site-wide).97 This can either be a list of the PE IDs (=this role applies for all records where ''realm_entity'' belongs to this list) or None (=this role applies site-wide). 98 98 === Realm Hierarchy === 99 99
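Review bot: the hunk at lines 43-63 renames settings.auth.owner_entity, the owner_entity table setting and the owned_by_entity field without a migration note, so a reader cannot tell whether a template that still uses the old names is honoured. Since this value decides which realm a new record is placed in, add one sentence on the old names. In the same hunk, neither the global nor the table function description says what happens when the function returns None, the numbered headings jump from "2." to "4.", the first sentence marks the field as {{{realm_entity}}} while the next one writes "realm_entity" in plain quotes, and context line 47 reads "will be calculate".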
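Review bot: line 97 in the hunk at lines 95-99 documents None as "this role applies site-wide" but does not say how an empty list is treated. State that explicitly, and say that the two are not interchangeable, because a caller that builds the list of PE IDs and passes None when it finds no entities would assign the role for all records rather than for none.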