Tasks and Roles
Roles
A role is a collection of tasks that can be assigned to a user's account.
- role names are defined as the children of the magic data path /I2CE/roles/names
- a role $role has a display name defined at /I2CE/roles/names/$role/display_name
- roles can inherit tasks from one another by adding it as a value of a child node of /I2CE/toles/names/$role/trickle_up
For example, in iHRIS Manage at the /I2CE/roles/names/hr_staff we have:- display_name => HR Staff (Erase)
- trickle_up => Array [
- 0 => admin (Erase)
- 1 => hr_manager (Erase)
- ]
The user table
Tasks
A task can be both :
- A collection of sub-tasks as defined:
Permissions and the Permission Parser=
The permission parser allow logical expressions to combine three types of permissions, task, roles, and module. The task and role type permissions are formed by surrounding a role name with role() or a task name with task(). For example, you can create the following permission:
(task(can_edit_database_list_facility_type) & task(can_edit_database_list_fav_color) || role(admin)
By default, tasks and roles are 'OR'ed together so the following are all the same:
- task(can_edit_database_list_facility_type) or task(can_edit_database_list_fav_color)
- task(can_edit_database_list_facility_type) | task(can_edit_database_list_fav_color)
- task(can_edit_database_list_facility_type) task(can_edit_database_list_fav_color)
- task(can_edit_database_list_facility_type,can_edit_database_list_fav_color)
- task(can_edit_database_list_facility_type can_edit_database_list_fav_color)
- task(can_edit_database_list_facility_type|can_edit_database_list_fav_color)
A user with the role 'admin' has all tasks.
Module type permissions
Any function of a [[Technical Overview: Mo
Adding new permission types
A module can add in a [[[Technical Overview: Module Structure#Fuzzy Methods|fuzzy method]] of the form hasPermision_$type to the I2CE_PermissionParser class to enable a new permission type of the f
Uses
The tasks and roles are used in several places:
- The main [[Technical Overview: Pages and Templates#Page Logic|I2CE_Page] class checks for basic permission for the page.
- Several pages perform checks for specific roles and tasks in their action() method.
- Just before displaying the HTML the I2CE_Template, class verifies that all tasks, roles and permissions are satisfied on each node.