Changes between Version 5 and Version 6 of S3/S3AAA/RecordApproval


Timestamp:
09/21/12 10:19:46 (12 years ago)
Author:
Dominic König
Comment:

--

  • S3/S3AAA/RecordApproval

    v5 v6  
    8787...to reject (=delete) all unapproved records in a resource.
    8888
    89 S3CRUD shall implement the following methods:
     89  '''Note:''' that S3Resource instances always exclude unapproved records, so these methods will always fail unless you define the resource with the unapproved=True parameter:
     90{{{
     91resource = current.s3db.resource("my_table", 1, unapproved=True)
     92}}}
     93
     94  '''NOTE:''' resource.reject() is much more radical about record deletion than delete() - it will try to bypass any RESTRICTs and rigirously delete any dependency of the rejected records so they can not leave any undesired legacy behind. However, that means that reject() must always be properly authorized and strictly limited to unapproved records in tables which require approval.
     95
     96S3CRUD implements the '''review''' method to review/approve/reject records in a resource:
    9097
    9198{{{
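Review bot: the NOTE added at v6 line 94 requires that reject() "must always be properly authorized and strictly limited to unapproved records in tables which require approval", but it does not say whether reject() enforces this itself or whether every caller has to check before calling it. Because the same note says reject() bypasses RESTRICTs and deletes dependencies, the page should state which layer performs the authorization and the unapproved-only check. Smaller points: the positional argument 1 in the line 91 example is unexplained, line 89 reads "Note: that", and "rigirously" should be "rigorously".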
     
    96103/controller/function/XY/review
    97104}}}
    98 ...to review a particular record, which then gives the user the option to either:
     105...to review/approve/reject a particular record.
    99106
    100 {{{
    101 POST /controller/function/XY/approve
    102 }}}
    103 ...approve the record, or:
    104 {{{
    105 POST /controller/function/XY/reject
    106 }}}
    107 ...reject it.
    108 
    109   '''NOTE:''' resource.reject() is much more radical about record deletion than delete() - it will try to bypass any RESTRICTs and rigirously delete any dependency of the rejected records so they can not leave any undesired legacy behind. However, that means that reject() must always be properly authorized and strictly limited to unapproved records in tables which require approval.
    110 
    111   '''Developer note:''' ''GET to {{{approve}}} or {{{reject}}} shall forward to {{{review}}} (for REST compliance)''
    112 
    113   '''Developer note:''' ''If {{{approve}}} or {{{reject}}} are called without record ID, they shall raise a "Record Not Found" error rather than to approve/reject all unapproved records as per the requirement that a record can only be approved/rejects after it has been reviewed (=no bulk approval/reject).''
    114 
     107   '''Note:''' For security reasons, both ''approve'' and ''reject'' via CRUD are only possible as POST requests which include the respective form keys from the ''review'' of a record.
    115108== Callbacks ==
    116109
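Review bot: the replacement note at v6 line 107 drops two behaviours that the removed developer notes (v5 lines 111 and 113) spelled out: what a GET to approve or reject does, and that a call without a record ID raises "Record Not Found" instead of acting on all unapproved records. With v6 line 105 now saying only "to review/approve/reject a particular record", the page no longer states that bulk approve/reject through CRUD is ruled out; keep one sentence that says so. Line 107 should also say which URL receives the POST and name the form keys it expects, since the approve and reject URLs were removed along with the old text.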