https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #40 from David Cook <dcook@prosentient.com.au> --- (In reply to Martin Renvoize from comment #39)
I've discussed this a little offline with a few people but never found a moment to put it down as a comment here.
I think this bug starts going in the right direction.. but..
I don't think we should continue down the route of 'nesting' permissions in a hierarchy.
I'd rather see 'a bag of permissions' and then ways to arbitrarily group them.. be that for 'roles' or 'permissions groups' or whatever.
Agreed. I think a good first step would be to have a single coherent way of fetching and checking permissions (ie authorizations) across Koha, and then we can incrementally improve the creation and organisation of permissions. Right now, we use "C4::Auth::haspermission($userid,$flagsrequired)" in order to get our permission data structure, when really we should be doing something like "Koha::Auth->is_authorized({ flags => $flags, flagsrequired => $flagsrequired })" Bug 31389 takes the $flags data structure and translates it into something that can be used for the template authorizations. Koha::Auth->is_authorized could actually leverage Koha::Auth::Permissions->get_authz_from_flags(). Or something new could be made that fits the different scenarios. -- Overall, we're not doing anything too complicated with permissions/authorizations. Maybe I could have another look at this sometime... -- You are receiving this mail because: You are watching all bug changes.