[Erp5-users] how to design security

[bartek]

gunjan jhunjhunwala wrote:
> hi,
> I am a novice in erp5 and I'm trying to study it from the wiki and other 
> docs around the web.
> 
> According to Base_setDefaultSecurity[1], it says that associate has only 
> the common functions but not the power to modify.

Not necessarily - Base_setDefaultSecurity contains default security 
settings, but they are meant to be changed.

> I think Associate should be replaced with Assignee in above case or wiki 

It can be argued - playing with security model is more an art then a 
science. In this case, I think Associate is appropriate because it is a 
person who is expected to cooperate with the author because he works 
with him, he is the Author's "team-mate". An Assignee would be somebody 
to whom the certain task is more or less explicitly "assigned". For 
example, if the document in question was related to a project, then 
people working on that project could be classified as Assignees in the 
context of the document.

If I'm wrong, somebody correct me please.

Bartek

> document[2] should redefine the common_permission_list.
> 
> Please let me know about your opinion.
> [1] 
> http://svn.erp5.org/*checkout*/erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_setDefaultSecurity.xml?revision=11320&content-type=text%2Fplain 
> <http://svn.erp5.org/*checkout*/erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_setDefaultSecurity.xml?revision=11320&content-type=text%2Fplain>
> [2] http://wiki.erp5.org/HowToDesignSecurity
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Erp5-users mailing list
> Erp5-users at erp5.org
> http://erp5.org/mailman/listinfo/erp5-users


-- 
"feelings affect productivity. (...) unhappy people write worse 
software, and less of it."
Karl Fogel, "Producing Open Source Software"