Tasks and Roles: Difference between revisions
No edit summary |
(→Roles) |
||
Line 4: | Line 4: | ||
*a role $role has a display name defined at /I2CE/roles/names/$role/display_name | *a role $role has a display name defined at /I2CE/roles/names/$role/display_name | ||
*roles can inherit tasks from one another by adding it as a value of a child node of /I2CE/toles/names/$role/trickle_up <br/>For example, in iHRIS Manage at the /I2CE/roles/names/hr_staff we have: | *roles can inherit tasks from one another by adding it as a value of a child node of /I2CE/toles/names/$role/trickle_up <br/>For example, in iHRIS Manage at the /I2CE/roles/names/hr_staff we have: | ||
** display_name => HR Staff | ** display_name => HR Staff | ||
** trickle_up => Array | ** trickle_up => Array | ||
*** 0 => admin (Erase) | *** 0 => admin (Erase) | ||
*** 1 => hr_manager (Erase) | *** 1 => hr_manager (Erase) | ||
==The user table== | ==The user table== | ||
=Tasks= | =Tasks= | ||
A task can be both : | A task can be both : |
Revision as of 10:45, 13 March 2009
Roles
A role is a collection of tasks that can be assigned to a user's account.
- role names are defined as the children of the magic data path /I2CE/roles/names
- a role $role has a display name defined at /I2CE/roles/names/$role/display_name
- roles can inherit tasks from one another by adding it as a value of a child node of /I2CE/toles/names/$role/trickle_up
For example, in iHRIS Manage at the /I2CE/roles/names/hr_staff we have:- display_name => HR Staff
- trickle_up => Array
- 0 => admin (Erase)
- 1 => hr_manager (Erase)
The user table
Tasks
A task can be both :
- A collection of sub-tasks as defined:
Permissions and the Permission Parser=
The permission parser allow logical expressions to combine three types of permissions, task, roles, and module. The task and role type permissions are formed by surrounding a role name with role() or a task name with task(). For example, you can create the following permission:
(task(can_edit_database_list_facility_type) & task(can_edit_database_list_fav_color) || role(admin)
By default, tasks and roles are 'OR'ed together so the following are all the same:
- task(can_edit_database_list_facility_type) or task(can_edit_database_list_fav_color)
- task(can_edit_database_list_facility_type) | task(can_edit_database_list_fav_color)
- task(can_edit_database_list_facility_type) task(can_edit_database_list_fav_color)
- task(can_edit_database_list_facility_type,can_edit_database_list_fav_color)
- task(can_edit_database_list_facility_type can_edit_database_list_fav_color)
- task(can_edit_database_list_facility_type|can_edit_database_list_fav_color)
A user with the role 'admin' has all tasks.
Module type permissions
Any function of a [[Technical Overview: Mo
Adding new permission types
A module can add in a [[[Technical Overview: Module Structure#Fuzzy Methods|fuzzy method]] of the form hasPermision_$type to the I2CE_PermissionParser class to enable a new permission type of the f
Uses
The tasks and roles are used in several places:
- The main [[Technical Overview: Pages and Templates#Page Logic|I2CE_Page] class checks for basic permission for the page.
- Several pages perform checks for specific roles and tasks in their action() method.
- Just before displaying the HTML the I2CE_Template, class verifies that all tasks, roles and permissions are satisfied on each node.