There are three access systems. How do they relate to each other?
1. Module access, which says which modules each project has.
Example:
Project 1 has (Projects, To-dos, Notes)
Project 2 has (To-dos)
Project 3 has (Notes)
2. The Role system, which says what the user can do in each module.
Example:
Role Admin can:
On Projects, Read, Write, Create and Admin
On To-dos, Read, Write, Create and Admin
On Notes, Read, Write, Create and Admin
Role read only can:
On Projects, Read.
On To-dos, Read.
On Notes, Read.
Role Secretary can:
On Projects, Read and Write.
On To-dos, Read and Write.
On Notes, Read and Write.
There is a role-user relation for EACH project.
So the same user can have the Admin role for project 1 and the Secretary role for project 2.
3. The rights on the item, which say what the user can do on it.
Example:
Project 1 - User 1 - Owner -> Can do all.
Project 1 - User 2 - Can Read, Write, Delete.
Project 1 - User 3 - Can Read.
To do 1 - User 1 - Owner -> Can do all.
To do 1 - User 2 - Can Read, Write, Delete, Admin.
To do 1 - User 3 - None.
- Relation between 1. and 2.
When the user views a project node, the allowed modules are shown as tabs.
These modules are the combination of the modules this project has (1.) and the role of the current user for this project (2.).
The role of the user in the project being viewed must have:
- read access to see the tab of the module
- create or admin access to see the "add" button in the module.
- Relation between 2. and 3.
Each item has an array of access rights for each user.
These rights must be combined with the role access assigned to this user on the current project node (or on the parent node if there is no role on the current one).
The relation is based on the following table:
                       Role rights
Item rights | read | write | create | admin
------------+------+-------+--------+------
read        |  X   |   X   |        |   X
write       |      |   X   |   X    |   X
access      |  X   |   X   |   X    |   X
create      |      |   X   |   X    |   X
copy        |      |   X   |   X    |   X
delete      |      |   X   |        |   X
download    |  X   |   X   |        |   X
admin       |      |       |        |   X
Every X is an allowed combination. Examples:
If the user has "delete" access on the item but the role has only "read" access, the delete access will be false.
If the user has "delete" access on the item and the role has "write" or "admin" access, the delete access will be true.
The result is an array with true or false for none, read, write, access, create, copy, delete, download and admin.
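The combination of 2. and 3. described above, as an added Python example (not the project's own code). The function and variable names are hypothetical, and it assumes that the role rights passed in are those for the item's module, that the role lookup keeps climbing parent nodes until a role is found, and that "none" is true exactly when no other right is granted.

```python
# Added example (not project code): combine item rights with role rights.
# Matrix copied from the table above: item right -> role rights that allow it.
ALLOWED_BY_ROLE = {
    "read":     {"read", "write", "admin"},
    "write":    {"write", "create", "admin"},
    "access":   {"read", "write", "create", "admin"},
    "create":   {"write", "create", "admin"},
    "copy":     {"write", "create", "admin"},
    "delete":   {"write", "admin"},
    "download": {"read", "write", "admin"},
    "admin":    {"admin"},
}

def resolve_role(project, user, roles, parents):
    """Return the user's role rights on project, else on the nearest ancestor.
    Assumption: the lookup keeps climbing until a role is found."""
    seen = set()  # guards against a cycle in the parent map
    while project is not None and project not in seen:
        seen.add(project)
        if (project, user) in roles:
            return roles[(project, user)]
        project = parents.get(project)
    return set()  # no role anywhere: deny by default

def effective_rights(item_rights, role_rights):
    """An item right holds only if the role has a right marked X in its row."""
    result = {right: right in item_rights and bool(allowed & role_rights)
              for right, allowed in ALLOWED_BY_ROLE.items()}
    # Assumption: "none" is true exactly when nothing else was granted.
    result["none"] = not any(result.values())
    return result

# Constructed sample data: role rights per (project, user) and the project tree.
ROLES = {("project1", "user2"): {"read"},
         ("project1", "user3"): {"read", "write"}}
PARENTS = {"project1": None, "subproject": "project1"}
ITEM = {"read", "write", "delete"}  # rights one user holds on one item

if __name__ == "__main__":
    for user in ("user2", "user3", "user4"):
        role = resolve_role("subproject", user, ROLES, PARENTS)
        print(user, effective_rights(ITEM, role))
```

A user with no role on the node or any ancestor ends up with every right false, so an item-level grant alone never gives access.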