Hi,
I think that make it simple may be a good solution.
I do not understand why you want to forbid write access on a network
boundaries if you do not have right on parent network.
You have access to the son, why not been able to update it if you stay
on the parent network boundary ?
Trying to do a simple management with warnings if needed may be the more
useful solution.
When trying to use the datas, checking its validity will permit to not
take into account not valid networks ?
I do not understand your patch. You only check that you have access to a
module with an entity.
If I understand correctly, it is equivalent to do :
haveAccessToEntity($entities_id) && haveRight($module,$right) ?
Items that you can split in :
- canUpdate/canView : check only global right : haveRight
- CanUpdateItem/ canViewItem : check access to entity (+ others checks
like parent right check if needed...)
Defining theses functions you will be able to use the can function as
proposed before.
Regards
Julien
Le 25/07/2011 08:55, Damien Touraine a écrit :
Hi,
I have tried the method you propose. However, the rights are only
check regarding the current session. Thus, if you have write access
inside the current session, you will have write access on any objects
whatever its entity.
That is a problem for the IPv4 network object I try to implement. I
try to make "delegation of sub networks". I suggest you to give a look
on the wiki page I developped to describe my proposal :
https://forge.indepnet.net/projects/glpi/wiki/IPv4Netowrk_class
So, the method you proposed is not convenient, as it only check wirtes
regarding current session entity wherever we must check rights from
the point of view of other entities.
Thus, I propose you the attached patch : it provide the
'haveAbsoluteRight' function. This one directly ask the database to
retrieve the given right inside the given entity of the given user.
It take care of the recursive rights. We should avoid using it
everytime as it may be time consuming (use of SQL request). But some
times (my case is the only one I see), it may be usefull.
Regards
Damien Touraine
On 07/21/11 13:04, MoYo wrote:
Le 21/07/2011 12:55, Damien Touraine a écrit :
Hi,
Is there a way to know the rights for the current user on another
entity than the current one ?
For instance, we are inside the "A" entity, and we want to know if
the current user has rights for write networking inside entity "B".
I can use :
$currentEntity = $_SESSION["glpiactive_entity"]; // That should be
equal the "A id"
changeActiveEntities("B id");
$allowed = haveRights('networking', 'w');
changeActiveEntities($currentEntity); // Go back to "A" entity
...
But I think it should be to rough.
Hi,
What is the real usage of this checks ?
Check to know if you can add / update an item ?
For an item checking the right add on a specific entity
$item->can(-1,'w',array('entities_id'=>$entities_id));
you can add others params if needed in third argument.
Regards
Julien
KR
Damien Touraine
_______________________________________________
Glpi-dev mailing list
Glpi-dev@gna.org
https://mail.gna.org/listinfo/glpi-dev
_______________________________________________
Glpi-dev mailing list
Glpi-dev@gna.org
https://mail.gna.org/listinfo/glpi-dev
_______________________________________________
Glpi-dev mailing list
Glpi-dev@gna.org
https://mail.gna.org/listinfo/glpi-dev
