Reminder: Create & find trunk-related issues here. Legacy Trac tickets are still available. Problems? Workflow feedback? Need a module project? Open a support ticket.

OpenMRS Trunk

Edit Tribe Permission Branch

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Should Should
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: OpenMRS 1.3.0
  • Component/s: None
  • Severity:
    3
  • Keywords:
  • Description:
    Hide

    This currently uses roles as the guiding force of the permission. This should be changed to use Privileges instead. Roles are just a grouping agent for privileges. The meat of permissions checking and authorization should always be done with privileges.

    The current code loops over a user's roles. This does not take into account roles inherited from other roles. If you did privilege based checking, the code would be simplified to:

    (pseudo code)
 for each privilege in tribeEditPrivileges \{
   if (Context.hasPrivilege(privilege))
     authorized = true;
 \}

    The Context.hasPrivilege check combines the authenticated/anonymous role's privileges and all inherited privileges from roles to determine if the current user has that privilege.

    Show
    This currently uses roles as the guiding force of the permission. This should be changed to use Privileges instead. Roles are just a grouping agent for privileges. The meat of permissions checking and authorization should always be done with privileges. The current code loops over a user's roles. This does not take into account roles inherited from other roles. If you did privilege based checking, the code would be simplified to: 
    (pseudo code)
 for each privilege in tribeEditPrivileges \{
   if (Context.hasPrivilege(privilege))
     authorized = true;
 \}
    The Context.hasPrivilege check combines the authenticated/anonymous role's privileges and all inherited privileges from roles to determine if the current user has that privilege.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Ben Wolfe added a comment - 2008-02-19 17:42:29 EST

This change needs to be run by James Arbaugh for feasibility.

Show
Ben Wolfe added a comment - 2008-02-19 17:42:29 EST This change needs to be run by James Arbaugh for feasibility.
Hide
Permalink
Burke Mamlin added a comment - 2008-03-14 14:23:11 EDT

See also TRAC-652

Show
Burke Mamlin added a comment - 2008-03-14 14:23:11 EDT See also TRAC-652
Hide
Permalink
Ben Wolfe added a comment - 2008-04-15 00:47:45 EDT

This was committed in rev:3837

Show
Ben Wolfe added a comment - 2008-04-15 00:47:45 EDT This was committed in rev:3837

People

Dates

  • Created:
    2008-02-19 17:41:57 EST
    Updated:
    2010-07-08 16:21:38 EDT
    Resolved:
    2010-07-01 22:41:12 EDT
Atlassian JIRA (v4.1.1#522) | Report a problem | Request a feature | Contact administrators
Powered by a free Atlassian JIRA open source license for OpenMRS. Try JIRA - bug tracking software for your team.