[Koha-bugs] [Bug 20813] Revamp user permissions system
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Nov 2 02:05:33 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813
--- Comment #40 from David Cook <dcook at prosentient.com.au> ---
(In reply to Martin Renvoize from comment #39)
> I've discussed this a little offline with a few people but never found a
> moment to put it down as a comment here.
>
> I think this bug starts going in the right direction.. but..
>
> I don't think we should continue down the route of 'nesting' permissions in
> a hierarchy.
>
> I'd rather see 'a bag of permissions' and then ways to arbitrarily group
> them.. be that for 'roles' or 'permissions groups' or whatever.
Agreed.
I think a good first step would be to have a single coherent way of fetching
and checking permissions (ie authorizations) across Koha, and then we can
incrementally improve the creation and organisation of permissions.
Right now, we use "C4::Auth::haspermission($userid,$flagsrequired)" in order to
get our permission data structure, when really we should be doing something
like "Koha::Auth->is_authorized({ flags => $flags, flagsrequired =>
$flagsrequired })"
Bug 31389 takes the $flags data structure and translates it into something that
can be used for the template authorizations.
Koha::Auth->is_authorized could actually leverage
Koha::Auth::Permissions->get_authz_from_flags().
Or something new could be made that fits the different scenarios.
--
Overall, we're not doing anything too complicated with
permissions/authorizations.
Maybe I could have another look at this sometime...
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list