|
|
|
| The following comment has been added to this issue: |
[ Permlink ] |
|
Author: Florent Guillaume
Date: 24/05/07 18:25
Comment:
Brainstormed ideas (to be discussed further and set in stone later):
One good way to do what we want is to have finer-grained permissions in the ACL to express that we can Read/Write only a given field or schema.
For instance we could have sub-permissions of "Write" named "Write.dc:title" (for the field case), or "Write.dc:" for all the schemas using the dc prefix.
If we want per-schema permissions, it's a bit harder if we want proper grouping, as we have Write > Write.dc: > Write.thedublincoreschema > Write.dc:title.
The DocumentModel would have to be aware of the ACL and forbid read/write of the affected fields. It should also allow introspection of these permissions.
One UI aspect of the permission problem is how this is going to be checked at the Action level.
Some further use case that has been mentioned is the fact that we could want some fields to have specific permissions only on a Folder but not on its children. This would need ACLs that are not inherited, a boolean "inherited" (true by default) could be added to the ACLs.
|
|
Sometimes we need to be more specific about schemas/fields.
For instance even someone can edit a document, maybe we would like to protect some field from being edited/read.
Or on the contrary, when someone cannot edit a document, maybe we would like some fields to be edited.
|
|
|
|
![]() |
|
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets
