resources
Scenario - rolesprivs
Posted by: Jo on May 20, 2009 | Updated: June 9, 2009 01:50 PM
We currently have a monotone scenario in the 'rolespriv' branch of the core database. This scenario adds some additional features to the Roles module related to user roles in specific groups by the Group roles instances and fixes some existing instances.
In order to remain backward compatible, we have currently left existing functionality of the Roles instance masks as they are. These instances only work on individual roles, including group roles. The Group roles instances act on all roles, including group roles, within a given instance of a group role, but not that group role itself.
As well as the new roles instances, we have reworked all the roles admin functions, so far, to utilize these privilege checks, and fixed the existing privilege checks so they work as intended.
We have also been working on cleaning up all the roles functions and templates, and removing the dependency on the xarQuery file in roles, thus bringing roles more into line with the standard database functions and wrappers.
The table below lists the current Roles instances and mask, and actions that were planned in this scenario. It's a little rough with some mixed concepts in columns/rows but does the job as a quick reference for now. Suggestions and comments welcome before we propagate this into the Core branch.
| Role mask name, instance (action) | Mail users | Attach Role | Remove Role | Acts on User role | Acts on Group role | +Acts on all in Group | Test or view privs |
|---|---|---|---|---|---|---|---|
| * MailRoles, Mail (ADMIN) |
X
|
X
|
X
|
||||
| * AttachRole, Relation (ADD) |
X
|
X
|
|||||
| * RemoveRole, Relation (DELETE) |
X
|
X
|
|||||
| ViewRole, Roles (VIEW) |
X
|
X
|
|||||
| ReadRole, Roles (READ) |
X
|
X
|
|||||
| SubmitRole, Roles (COMMENT) |
X
|
X
|
|||||
| ModerateRole, Roles (MODERATE) |
X
|
X
|
|||||
| EditRole, Roles (EDIT) | X | X | |||||
| AddRole,Roles (ADD) |
X
|
X
|
X
|
X
|
|||
| DeleteRole, Roles (DELETE) |
X
|
X
|
X
|
X
|
|||
| AdminRole,Roles (ADMIN) |
X
|
X
|
X
|
X
|
X
|
X
|
|
| ** ViewGroupRoles, Group (VIEW) |
X | ||||||
| ** ReadGroupRoles, Group (READ) |
X | ||||||
| ** ModerateGroupRoles,Group (MODERATE) |
X | ||||||
| ** EditGroupRoles, Group (EDIT) |
X | ||||||
| ** AddGroupRoles, Group (ADD) |
X
|
X |
X
|
||||
| ** DeleteGroupRoles, Group (DELETE) |
X
|
X |
X
|
||||
| ** AdminGroupRoles, Group (ADMIN) |
X
|
X
|
X
|
X |
X
|
||
+ All roles in group means user roles [edited 9/6/09].
* Fixed instances in the rolespriv scenario, to work as they should
** New instances introduced in the scenario
Related project : xarigami core
| « prev | next» |