# HG changeset patch # User Todd Larsen # Date 1222845087 0 # Node ID 17984abf0c74701f121224ca8a79fdb95fe3f882 # Parent 0408b85de42bbe6987160f5a1960c3a8b6a62291 Some TODOs on access control that I didn't want to forget. diff -r 0408b85de42b -r 17984abf0c74 app/soc/models/work.py --- a/app/soc/models/work.py Wed Oct 01 07:10:43 2008 +0000 +++ b/app/soc/models/work.py Wed Oct 01 07:11:27 2008 +0000 @@ -87,3 +87,14 @@ #: date when the work was last modified modified = db.DateTimeProperty(auto_now=True) + + # TODO: some sort of access control preferences are needed at this basic + # level. Works need to be restrict-able to: + # * the authors only + # * the administrators of the Groups that the authors are in + # * any member of the authors' Groups + # * logged-in User with a profile + # * logged-in Users, but no profile is necessary + # * anyone, even those not logged in + # (and possibly others) + diff -r 0408b85de42b -r 17984abf0c74 app/soc/views/docs/show.py --- a/app/soc/views/docs/show.py Wed Oct 01 07:10:43 2008 +0000 +++ b/app/soc/views/docs/show.py Wed Oct 01 07:11:27 2008 +0000 @@ -55,6 +55,13 @@ # create default template context for use with any templates context = response_helpers.getUniversalContext(request) + # TODO: there eventually needs to be a call to some controller logic that + # implements some sort of access controls, based on the currently + # logged-in User's Roles, etc. + + # TODO: based on the User's Roles, Documents that the User can edit + # should display a link to a document edit form + # try to fetch User entity corresponding to linkname if one exists try: doc = document.getDocumentIfPath(partial_path, link_name=linkname)