Marcello wrote:
> 1) Check if the current user is allowed to call a particular
> table/action couple.
> For example, we could have a "role" table and a "user" table which
> should be visible to "administrators" (i.e. users who belong to role
> "administrator") but not to "customers" (i.e. users who belong to role
> "customer"); or, we could limit customers' access to their data to be
> read-only, so a user with role "customer" could call customerdata/list
> but not customerdata/delete; and so on.

I've just posted a plugin that does this.

> 2.a) Build a menu template which displays only the allowed actions for
> the current user.

There are some untested functions get_authorized_classes and
get_authorized_methods intended to help with this.

> 2.b) Each button, hyperlink or form pointing to a particular
> table/action combination should be displayed only if the current user is
> allowed to call that combination.
> In other words, the templates should hide all the elements that would
> point to an action the user is not allowed to perform.
> Ideally, the user should never see a "not allowed" page, unless she
> tries to perform a particular action by typing a specific URL directly
> into the address-bar.

This sounds like what I have in mind.

> 3) Write role-specific templates. This could allow the developer to
> customize the interface on a per-role basis.

This also sounds like what I want to do. I'd love to see anything you do
in this direction. Otherwise templates will become more and more complex
with conditional code to decide whether there should be edit or delete
buttons or whatever.

Cheers, Dave
This archive was generated by hypermail 2.1.3 : Thu Feb 24 2005 - 22:25:57 GMT
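
The scheme discussed in points 1 and 2 of the message above, as an added sketch that is not part of the original thread and is not the plugin Dave mentions: one default-deny check on role, table and action serves both the request handler and the menu filter, so a typed URL is refused even though its link was hidden. The policy table, the "view" and "edit" action names, and the functions actions, is_authorized, allowed_links and dispatch are hypothetical; no Maypole API is used.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Helper: turn a list of action names into a lookup set.
sub actions { return { map { $_ => 1 } @_ } }

# Constructed policy: role => table => permitted actions.
# Anything not listed here is denied.
my %POLICY = (
    administrator => {
        role         => actions(qw(list view edit delete)),
        user         => actions(qw(list view edit delete)),
        customerdata => actions(qw(list view edit delete)),
    },
    customer => {
        customerdata => actions(qw(list view)),    # read-only access
    },
);

# Point 1: the check made for every table/action pair.
sub is_authorized {
    my ($roles, $table, $action) = @_;
    return 0 unless defined $table && defined $action;
    for my $role (@$roles) {
        next unless exists $POLICY{$role} && exists $POLICY{$role}{$table};
        return 1 if $POLICY{$role}{$table}{$action};
    }
    return 0;
}

# Points 2.a/2.b: hand the template only the links this user may follow.
sub allowed_links {
    my ($roles, @candidates) = @_;    # each candidate is "table/action"
    return grep { is_authorized($roles, split(m{/}, $_, 2)) } @candidates;
}

# The typed-URL case: the handler repeats the same check before acting.
sub dispatch {
    my ($roles, $path) = @_;
    my ($table, $action) = split m{/}, $path, 2;
    return is_authorized($roles, $table, $action) ? "200 $path" : "403 not allowed";
}

my @menu = qw(role/list user/list customerdata/list customerdata/delete);
for my $roles (['customer'], ['administrator'], []) {
    my $who = @$roles ? join(',', @$roles) : '(no role)';
    print "$who sees: ", join(' ', allowed_links($roles, @menu)), "\n";
    print "  typed customerdata/delete -> ", dispatch($roles, 'customerdata/delete'), "\n";
}
```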