Tasks and Roles: Difference between revisions

From IHRIS Wiki
No edit summary
No edit summary
Line 1: Line 1:
=Roles=
=Roles=
A role is a collection of [[#Tasks|tasks]] that can be assigned to a user's account.
*role names are defined as the children of the [[Technical Overview: Configuration (Magic) Data|magic data path]] /I2CE/roles/names
*a role $role has a display name defined at /I2CE/roles/names/$role/display_name
*roles can inherit tasks from one another by adding it as a value of a child node of /I2CE/toles/names/$role/trickle_up <br/>For example, in iHRIS Manage at the /I2CE/roles/names/hr_staff we have:
** display_name => HR Staff (Erase)
** trickle_up => Array [
*** 0 => admin (Erase)
*** 1 => hr_manager (Erase)
**    ]
==The user table==
==The user table==
=Tasks=
=Tasks=
=Task and Role Management=
A task can be both :
*A collection of sub-tasks as defined:
=Permissions and the Permission Parser==
The permission parser allow logical expressions to combine three types of permissions, ''task'', ''roles'', and ''module''.  The task and role type permissions are formed by surrounding a role name with role() or a task name with task().  For example, you can create the following permission:
(task(can_edit_database_list_facility_type) & task(can_edit_database_list_fav_color) || role(admin)
By default, tasks and roles are 'OR'ed together so the following are all the same:
*task(can_edit_database_list_facility_type) or task(can_edit_database_list_fav_color)
*task(can_edit_database_list_facility_type) | task(can_edit_database_list_fav_color)
*task(can_edit_database_list_facility_type)  task(can_edit_database_list_fav_color)
*task(can_edit_database_list_facility_type,can_edit_database_list_fav_color)
*task(can_edit_database_list_facility_type can_edit_database_list_fav_color)
*task(can_edit_database_list_facility_type|can_edit_database_list_fav_color)
 
A user with the role 'admin' has all tasks.
 
==Module type permissions==
Any function of a [[Technical Overview: Mo
==Adding new permission types==
A module can add in a [[[Technical Overview: Module Structure#Fuzzy Methods|fuzzy method]] of the form ''hasPermision_$type'' to the ''I2CE_PermissionParser'' class to enable a new permission type of the f
=Uses=
The tasks and roles are used in several places:
*The main [[Technical Overview: Pages and Templates#Page Logic|I2CE_Page] class checks for basic permission for the page. 
*Several pages perform checks for specific roles and tasks in their action() method.
*Just before displaying the HTML the I2CE_Template, class verifies that all tasks, roles and permissions are satisfied on each node. 
=Task and Role Administration=

Revision as of 10:44, 13 March 2009

Roles

A role is a collection of tasks that can be assigned to a user's account.

  • role names are defined as the children of the magic data path /I2CE/roles/names
  • a role $role has a display name defined at /I2CE/roles/names/$role/display_name
  • roles can inherit tasks from one another by adding it as a value of a child node of /I2CE/toles/names/$role/trickle_up
    For example, in iHRIS Manage at the /I2CE/roles/names/hr_staff we have:
    • display_name => HR Staff (Erase)
    • trickle_up => Array [
      • 0 => admin (Erase)
      • 1 => hr_manager (Erase)
    • ]

The user table

Tasks

A task can be both :

  • A collection of sub-tasks as defined:

Permissions and the Permission Parser=

The permission parser allow logical expressions to combine three types of permissions, task, roles, and module. The task and role type permissions are formed by surrounding a role name with role() or a task name with task(). For example, you can create the following permission:

(task(can_edit_database_list_facility_type) & task(can_edit_database_list_fav_color) || role(admin)

By default, tasks and roles are 'OR'ed together so the following are all the same:

  • task(can_edit_database_list_facility_type) or task(can_edit_database_list_fav_color)
  • task(can_edit_database_list_facility_type) | task(can_edit_database_list_fav_color)
  • task(can_edit_database_list_facility_type) task(can_edit_database_list_fav_color)
  • task(can_edit_database_list_facility_type,can_edit_database_list_fav_color)
  • task(can_edit_database_list_facility_type can_edit_database_list_fav_color)
  • task(can_edit_database_list_facility_type|can_edit_database_list_fav_color)

A user with the role 'admin' has all tasks.

Module type permissions

Any function of a [[Technical Overview: Mo

Adding new permission types

A module can add in a [[[Technical Overview: Module Structure#Fuzzy Methods|fuzzy method]] of the form hasPermision_$type to the I2CE_PermissionParser class to enable a new permission type of the f

Uses

The tasks and roles are used in several places:

  • The main [[Technical Overview: Pages and Templates#Page Logic|I2CE_Page] class checks for basic permission for the page.
  • Several pages perform checks for specific roles and tasks in their action() method.
  • Just before displaying the HTML the I2CE_Template, class verifies that all tasks, roles and permissions are satisfied on each node.

Task and Role Administration