Changes between Version 3 and Version 4 of S3/S3AAA/RecordApproval


Ignore:
Timestamp:
09/21/12 10:09:31 (9 years ago)
Author:
Dominic König
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • S3/S3AAA/RecordApproval

    v3 v4  
    3737Default is False.
    3838
    39 In addition to activating record approval, you will also need to set the role which is permitted to review/approve/reject records:
    40 
    41 {{{
    42 settings.auth.record_approver_role = <role_uid>
    43 }}}
    44 
    45 The permission to review/approve/reject records of this role is realm-limited (see [wiki:S3AAA/OrgAuth] for more details).
    46 
    47 Admin can always see all records, regardless whether they are approved or not. Other users can only see approved records, unless they have the approver role and use one of the approval methods "review", "approve", "reject".
    48 
    4939Whether record approval is required can be configured '''per table''' like:
    5040
     
    6252
    6353Record approval will then only be applied to those tables in the list. If you set this to {{{None}}}, it will fall back to the table-specific settings.
     54
     55In addition to activating record approval for a table, you will also need to give user roles permission to review/approve/reject records in this table.
     56
     57These permissions are encoded as auth.permission.REVIEW (permission to access unapproved records) and auth.permission.APPROVE (permission to approve or reject unapproved records).
     58
     59{{{
     60            acl = current.auth.permission
     61            acl.update_acl(ROLE_XY,
     62                           t="some_table",
     63                           uacl=acl.READ|acl.CREATE|acl.REVIEW|acl.APPROVE,
     64                           oacl=acl.READ|acl.UPDATE|acl.REVIEW|acl.APPROVE)
     65
     66}}}
     67
     68''Note:'' that users can have review permission (=permission to ''see'' unapproved records) without need to also have approve/reject permission.
     69
     70''Note:'' REVIEW permission alone doesn't give any access to unapproved records: it merely extends the READ/UPDATE permissions so they also apply for unapproved records. That means, if the user besides REVIEW has only READ permission in this table, then they can ''read'' unapproved records but not update them. To do that, they would need REVIEW+UPDATE permission.
     71
     72The permission to review/approve/reject records of this role is realm-limited (see [wiki:S3AAA/OrgAuth] for more details).
     73
     74Admin can always see all records, regardless whether they are approved or not. Other users can only see approved records, unless they have the approver role and use one of the approval methods "review", "approve", "reject".
    6475
    6576== Methods to Approve or Reject Records ==