| ... | @@ -4,8 +4,7 @@ |
... | @@ -4,8 +4,7 @@ |
|
|
|
|
|
|
|
# Permissons
|
|
# Permissons
|
|
|
|
|
|
|
|
To explain basic permissioning (ignoring workflows), we will use
|
|
To explain basic permissioning (ignoring workflows), we will use a helpdesk example. This is the basic table structure of our example:
|
|
|
a helpdesk example. This is the basic table structure of our example:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ... | @@ -15,26 +14,17 @@ There are three groups of users: |
... | @@ -15,26 +14,17 @@ There are three groups of users: |
|
|
* customers
|
|
* customers
|
|
|
* accounting
|
|
* accounting
|
|
|
|
|
|
|
|
The setup designed to make sure customers only see their own tickets,
|
|
The setup designed to make sure customers only see their own tickets, empoyees to have private comments and the accountants to have a set of departments (which are a tree) they are able to do actions for.
|
|
|
empoyees to have private comments and the accountants to have a set of departments
|
|
|
|
|
(which are a tree) they are able to do actions for.
|
|
|
|
|
|
|
|
|
|
In the following text, we will distinguish between "list" and "join" rights. Both
|
|
In the following text, we will distinguish between "list" and "join" rights. Both are basically "read" rights, but if a user does not have any transitions defined on an entity, a listing of that entity will always return an empty list.
|
|
|
are basically "read" rights, but if a user does not have any transitions defined
|
|
|
|
|
on an entity, a listing of that entity will always return an empty list.
|
|
|
|
|
|
|
|
|
|
Nevertheless, it may be permitted to be joined to another table which references
|
|
Nevertheless, it may be permitted to be joined to another table which references it, so that an instance can always be retrieved with all it's dependencies. Here, the permission on the main entry basically gets inherited by instances it references.
|
|
|
it, so that an instance can always be retrieved with all it's dependencies. Here,
|
|
|
|
|
the permission on the main entry basically gets inherited by instances it
|
|
|
|
|
references.
|
|
|
|
|
|
|
|
|
|
See [Category] for an example.
|
|
See [Category] for an example.
|
|
|
|
|
|
|
|
## Tickets
|
|
## Tickets
|
|
|
|
|
|
|
|
Apart from read, create, edit and delete actions, there is an additional "set_department" action which
|
|
Apart from read, create, edit and delete actions, there is an additional "set_department" action which will set the value of the cost_bearing_department of a ticket. Here is a quick overview of who can do which action:
|
|
|
will set the value of the cost_bearing_department of a ticket. Here is a quick overview of who can do which
|
|
|
|
|
action:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
```
|
| ... | @@ -46,23 +36,17 @@ accounting all - - - - only certain depa |
... | @@ -46,23 +36,17 @@ accounting all - - - - only certain depa |
|
|
----------------------------------------------------------------------------------------
|
|
----------------------------------------------------------------------------------------
|
|
|
```
|
|
```
|
|
|
|
|
|
|
|
An employee can create a ticket on behalf of a different user. A customer can
|
|
An employee can create a ticket on behalf of a different user. A customer can only create tickets for herself.
|
|
|
only create tickets for herself.
|
|
|
|
|
|
|
|
|
|
A delete will automatically cascade to referenced instances, regardless of
|
|
A delete will automatically cascade to referenced instances, regardless of permissions on the referenced instances.
|
|
|
permissions on the referenced instances.
|
|
|
|
|
|
|
|
|
|
In our example, this means that a customer deletes a ticket including the
|
|
In our example, this means that a customer deletes a ticket including the private comments made by employees.
|
|
|
private comments made by employees.
|
|
|
|
|
|
|
|
|
|
The set_department transition for accounting will only allow those departments
|
|
The set_department transition for accounting will only allow those departments to be set which are whthin the user's permissions. See [Departments].
|
|
|
to be set which are whthin the user's permissions. See [Departments].
|
|
|
|
|
|
|
|
|
|
## Category
|
|
## Category
|
|
|
|
|
|
|
|
The category table has no explicit permission set at all. But, to enable
|
|
The category table has no explicit permission set at all. But, to enable the creating of a ticket, where it is a required field, full read access is granted to anyone who can create tickets:
|
|
|
the creating of a ticket, where it is a required field, full read
|
|
|
|
|
access is granted to anyone who can create tickets:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
```
|
| ... | @@ -74,15 +58,11 @@ accounting - [ticket] - - - |
... | @@ -74,15 +58,11 @@ accounting - [ticket] - - - |
|
|
--------------------------------------------------
|
|
--------------------------------------------------
|
|
|
```
|
|
```
|
|
|
|
|
|
|
|
Accounting has no direct read access but can still join any category which is being
|
|
Accounting has no direct read access but can still join any category which is being referenced in the ticket table by tickets. This is restricted to those tickets the user has list rights on.
|
|
|
referenced in the ticket table by tickets. This is restricted to those tickets
|
|
|
|
|
the user has list rights on.
|
|
|
|
|
|
|
|
|
|
## Public Comments
|
|
## Public Comments
|
|
|
|
|
|
|
|
Public comments can be written by customers and employees, only the ticket creator
|
|
Public comments can be written by customers and employees, only the ticket creator can edit or delete a ticket. This ensures that even an employee can not edit or delete anyone else's comments.
|
|
|
can edit or delete a ticket. This ensures that even an employee can not edit or delete
|
|
|
|
|
anyone else's comments.
|
|
|
|
|
|
|
|
|
|
```
|
|
```
|
|
|
list join on create edit delete
|
|
list join on create edit delete
|
| ... | @@ -93,17 +73,13 @@ accounting - - - - - |
... | @@ -93,17 +73,13 @@ accounting - - - - - |
|
|
-------------------------------------------------------------------
|
|
-------------------------------------------------------------------
|
|
|
```
|
|
```
|
|
|
|
|
|
|
|
Because the binding of the actions on this table is the "creating_client", a listing
|
|
Because the binding of the actions on this table is the "creating_client", a listing of this entity will return only those comments owned by the user.
|
|
|
of this entity will return only those comments owned by the user.
|
|
|
|
|
|
|
|
|
|
Nevertheless, joining this table on ticket will work and return any instances
|
|
Nevertheless, joining this table on ticket will work and return any instances that reference a ticket a user has rights to.
|
|
|
that reference a ticket a user has rights to.
|
|
|
|
|
|
|
|
|
|
So, in our case, an employee has access to all tickets and will therefore be able to join
|
|
So, in our case, an employee has access to all tickets and will therefore be able to join all public comments.
|
|
|
all public comments.
|
|
|
|
|
|
|
|
|
|
A customer will be able to join her own and any other user's comments onto
|
|
A customer will be able to join her own and any other user's comments onto her own tickets.
|
|
|
her own tickets.
|
|
|
|
|
|
|
|
|
|
## Private Comments
|
|
## Private Comments
|
|
|
|
|
|
| ... | @@ -118,14 +94,22 @@ accounting - - - - - |
... | @@ -118,14 +94,22 @@ accounting - - - - - |
|
|
-------
|
|
-------
|
|
|
```
|
|
```
|
|
|
|
|
|
|
|
Because customers and accounting have no actions defined on this entity and it's not referenced
|
|
Because customers and accounting have no actions defined on this entity and it's not referenced by any other entity (they have access to), they do not see it at all.
|
|
|
by any other entity (they have access to), they do not see it at all.
|
|
|
|
|
|
|
|
|
|
## Departments
|
|
## Departments
|
|
|
|
|
|
|
|
Departments have a "parent" attribute which may refer to an instance in the same entity.
|
|
Quick permission overview:
|
|
|
This means, that those instances can be represented as a tree and permission can be set on
|
|
|
|
|
nodes of the tree and delegation of responsibilities is possible.
|
|
```
|
|
|
|
list join on create edit delete
|
|
|
|
----------------------------------------------------------------
|
|
|
|
employee - [ticket] - - -
|
|
|
|
customer - [ticket] - - -
|
|
|
|
accounting see tree [ticket] - - -
|
|
|
|
----------------------------------------------------------------
|
|
|
|
```
|
|
|
|
|
|
|
|
Departments have a "parent" attribute which may refer to an instance in the same entity. This means, that those instances can be represented as a tree and permission can be set on nodes of the tree and delegation of responsibilities is possible.
|
|
|
|
|
|
|
|
This is the example we're going to look at:
|
|
This is the example we're going to look at:
|
|
|
|
|
|
| ... | @@ -137,11 +121,8 @@ The colored dots point out where new people are being assigned. |
... | @@ -137,11 +121,8 @@ The colored dots point out where new people are being assigned. |
|
|
|
|
|
|
|
### global vs delegable vs local
|
|
### global vs delegable vs local
|
|
|
|
|
|
|
|
Global and delegable assignment both travel down the defined tree. Local puts the
|
|
Global and delegable assignment both travel down the defined tree. Local puts the assignement on one node only.
|
|
|
assignement on one node only.
|
|
|
|
|
|
|
|
|
|
Global means that the permission is set independent of other people having an
|
|
Global means that the permission is set independent of other people having an assignment set on a node.
|
|
|
assignment set on a node.
|
|
|
|
|
|
|
|
|
|
Deleigable means that the assignment only works where no one else has been assigned. Otherwise,
|
|
Deleigable means that the assignment only works where no one else has been assigned. Otherwise, the rest of the tree is "cut off". |
|
|
the rest of the tree is "cut off". |
|
\ No newline at end of file |
|
\ No newline at end of file |
|
|
