Fine-grained admin rights

Implement two levels of admin rights: global and local. All admin activities can be done only by global users, and a subset of admin activities can be done for local users by their local admins. The list of activities allowed for local admins is specifiable per enterprise; it is not hard-coded in the Merce code.

Hemant is working on it. Immediate deployment needed for NFL.

Status

Hemant should be finishing the task for fine-grained admin rights by Monday 22 Sep at the latest. He's in touch with me, and work is on track. He's completely rewriting one or two CGI programs which are related to user editing/addition, and this will result in cleaner code for these critical and very fragile programs. This rewriting and the fine-grained admin rights will be done in another day or two.

Then Hemant will start work on UI for file and mail folder access controls.

Status

Had chat with Hemant today. I suggested that he should modify the is_admin() function to now take three parameters:

  • current user's object instance
  • to-be-acted-upon user's object instance
  • action to be performed

The function should return boolean. All programs which call is_admin() will need to be modified.

I suggested that Hemant should use Akshay's Merce::user.pm module and use its function to load a user's information into memory. This will be called twice, for the current user and the to-be-acted-upon user. Thus, is_admin() will not need to do any database I/O on the user table.

Hemant will get back with some status in a day or so.
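
An added sketch of the three-parameter is_admin() described above (not Merce code): it assumes both users are hash-based objects already loaded in memory, and the field names enterprise and admin_level, the action names and the policy table are hypothetical. It also assumes a local admin may act only on non-global users of the same enterprise, and it denies anything not explicitly listed.

```perl
use strict;
use warnings;
use Scalar::Util qw(reftype);

# Constructed per-enterprise policy: actions a local admin may perform.
# Hypothetical names; a real deployment would load this from configuration.
my %LOCAL_ADMIN_ACTIONS = (
    nfl  => { map { $_ => 1 } qw(reset_password edit_profile) },
    acme => { map { $_ => 1 } qw(reset_password edit_profile add_user) },
);

# is_admin($actor, $target, $action): returns 1 if $actor may perform $action
# on $target, else 0. Works only on in-memory user data: no database I/O.
sub is_admin {
    my ($actor, $target, $action) = @_;
    # Fail closed on missing or malformed arguments.
    for my $u ($actor, $target) { return 0 unless (reftype($u) // '') eq 'HASH' }
    return 0 unless defined $action && length $action;

    my $level = $actor->{admin_level} // 'none';
    return 1 if $level eq 'global';        # global admins may do everything
    return 0 unless $level eq 'local';     # ordinary users: never

    # A local admin acts only inside their own enterprise ...
    my $ent = $actor->{enterprise} // '';
    return 0 unless length $ent && $ent eq ($target->{enterprise} // '');
    # ... never on a global admin (assumption: blocks privilege escalation) ...
    return 0 if ($target->{admin_level} // 'none') eq 'global';
    # ... and only for actions the enterprise policy lists explicitly.
    my $allowed = $LOCAL_ADMIN_ACTIONS{$ent} or return 0;
    return $allowed->{$action} ? 1 : 0;
}

# Constructed sample users, standing in for records loaded by the user module.
my %users = (
    root  => { enterprise => 'merce', admin_level => 'global' },
    ladm  => { enterprise => 'nfl',   admin_level => 'local'  },
    bob   => { enterprise => 'nfl',   admin_level => 'none'   },
    carol => { enterprise => 'acme',  admin_level => 'none'   },
);

for my $case (
    [ladm => bob   => 'reset_password'], [ladm => bob   => 'add_user'],
    [ladm => carol => 'reset_password'], [ladm => root  => 'edit_profile'],
    [root => carol => 'add_user'],       [bob  => bob   => 'edit_profile'],
) {
    my ($who, $whom, $act) = @$case;
    printf "%-5s -> %-5s %-15s %s\n", $who, $whom, $act,
        is_admin($users{$who}, $users{$whom}, $act) ? 'ALLOW' : 'DENY';
}
```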
