Changes between Version 6 and Version 7 of S3/S3AAA/OrgAuth


Timestamp:
01/06/12 12:19:31 (13 years ago)
Author:
Fran Boon
Comment:

fix

  • S3/S3AAA/OrgAuth

    v6 v7  
    2929In OrgAuth, any applicable ACL is automatically restricted to the records of those organisations (policy 6) or organisations+facilities (policy 7) for which the user has the respective access roles. This applies to both, user-ACLs (uacl) and owner-ACLs (oacl).
    3030
    31 It is possible to override this restriction in the ACL itself, and explicitly define for which organisation/facility the ACL shall apply (see [DelegationsofPermissions Delegations of Permissions]), or to define that the ACL shall apply for the records of ''all'' organisations/facilities (see [#GeneralDelegationsofPermissions General Delegations of Permissions]).
     31It is possible to override this restriction in the ACL itself, and explicitly define for which organisation/facility the ACL shall apply (see [#DelegationsofPermissions Delegations of Permissions]), or to define that the ACL shall apply for the records of ''all'' organisations/facilities (see [#GeneralDelegationsofPermissions General Delegations of Permissions]).
    3232
    3333== Delegations of Permissions ==
     
    4141{{{
    4242    # Get the access role from the organisation record
    43     org_record = db(db.org_organisation.id == my_org_id).select(db.org_organisation.owned_by_role,
     43    org_record = db(db.org_organisation.id == my_org_id).select(db.org_organisation.owned_by_organisation,
    4444                                                                limitby=(0, 1)).first()
    4545
    4646    # Delegate read permission for this organisation's inv_inv_item record to all authenticated users
    4747    update_acls(authenticated,
    48                 dict(t="inv_inv_item", uacl=acl.READ, organisation=org_record.owned_by_role))
     48                dict(t="inv_inv_item", uacl=acl.READ, organisation=org_record.owned_by_organisation))
    4949}}}
    5050
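Review bot: The comment on v7 line 42, "# Get the access role from the organisation record", no longer matches line 43, which now selects `owned_by_organisation`; reword it to say what that field holds, so readers know what is passed as `organisation=` on line 48. The result of `.first()` is also dereferenced on line 48 without a check, so a `my_org_id` with no matching record fails there rather than with a clear error.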
     
    5353{{{
    5454    # Get the access role for this organisation
    55     this_org = db(db.org_organisation.id == my_org_id).select(db.org_organisation.owned_by_role,
     55    this_org = db(db.org_organisation.id == my_org_id).select(db.org_organisation.owned_by_organisation,
    5656                                                              limitby=(0, 1)).first()
    5757
    5858    # Get the access role for the other organisation
    59     other_org = db(db.org_organisation.id == other_org_id).select(db.org_organisation.owned_by_role,
     59    other_org = db(db.org_organisation.id == other_org_id).select(db.org_organisation.owned_by_organisation,
    6060                                                                  limitby=(0, 1)).first()
    6161
    6262    # Delegate read permission for this organisation's inv_inv_item record to all authenticated users
    6363    update_acls(other_org.owned_by_role,
    64                 dict(t="inv_inv_item", uacl=acl.READ, organisation=this_org.owned_by_role))
     64                dict(t="inv_inv_item", uacl=acl.READ, organisation=this_org.owned_by_organisation))
    6565}}}
    6666
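Review bot: The unchanged v7 line 63 still passes `other_org.owned_by_role` to `update_acls`, but the select on line 59 now fetches only `owned_by_organisation`, so the row no longer carries that field. Either change line 63 to `other_org.owned_by_organisation` or keep `owned_by_role` in the select for `other_org`, depending on what the first argument of `update_acls` expects. The comment on line 62 also says "to all authenticated users" although the grantee here is the other organisation, which looks copied from the previous example.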