Uploaded image for project: 'OpenMRS Core'
  1. OpenMRS Core
  2. TRUNK-1114

Edit Tribe Permission Branch

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Should
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: OpenMRS 1.3.0
    • Component/s: None
    • Labels:
      None

      Description

      This currently uses roles as the guiding force of the permission. This should be changed to use Privileges instead. Roles are just a grouping agent for privileges. The meat of permissions checking and authorization should always be done with privileges.

      The current code loops over a user's roles. This does not take into account roles inherited from other roles. If you did privilege based checking, the code would be simplified to:

      (pseudo code)
       for each privilege in tribeEditPrivileges \{
         if (Context.hasPrivilege(privilege))
           authorized = true;
       \}
      

      The Context.hasPrivilege check combines the authenticated/anonymous role's privileges and all inherited privileges from roles to determine if the current user has that privilege.

        Gliffy Diagrams

          Attachments

            Activity

              People

              Assignee:
              jmiranda Justin Miranda [X] (Inactive)
              Reporter:
              bwolfe Ben Wolfe
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: