Wednesday, July 9. 2008
The Privileges is apply on each item within one module of a project.
The project owner has a tab in the item form where all users (except the current user) are listed in rows and some checkbox with the access as columns
(in fact a matrix). Note that this tab is only accessible if the user is the owner of the item or have admin access on it.
The different stages of privileges can be:
None: The user can´t see the item.
Read: Allow to see the item.
Write: Allow to update the item.
Access: Allow to Pass through the item. (See the sub projects for example, but don´t see the project itself).
Create: Allow to create sub items.
Copy: Allow to copy the items and create other one.
Delete: Allow to delete the item.
Download: Allow to download files (for example in the File manager module)
Admin: Allow to do all, AND edit the access of the item.
The owner of the item, have always all the access checked.
Each user MUST have some type of access to the item, if not, will don´t see it.
Note that the Rights of the item must be combined with:
- Module access
- Role System
The Role system applies directly to the modules within a project.
In order to create a new role, the administrator will have a list of all the active modules, and 4 columns with checkbox: READ, WRITE, CREATE, ADMIN.
The types have different stages of privileges:
Read Access: The User with this role can read all the items in the module.
Write Access: The User with this role can update all the items in the module.
Create Access: The User with this role can create new items in the module.
Admin Access: The User with this role can read/write/create items in the module AND change the access of the item.
How does this look in practice? Here is an example:
The administrator can define some roles like:
Admin Role
Todo -> Read, Write, Create, Admin
Note -> Read, Write, Create, Admin
Project -> Read, Write, Create, Admin
Read Only Role
Todo -> Read
Note -> Read
Project -> Read
Maintain Role
Todo -> Read, Write
Note -> Read, Write
Project -> Read, Write
The role applies for each user in each project.
So in the Project Form, there is a Tab with all the users (except the current user) and a list of all the roles available.
The current user can´t change their role on one project, and if is the owner of it, will have complete access.
If one user don´t have any role on a project, the role of the parent project for this user is used.
The first role-project relation is for the root project, this relation can´t be deleted and is used by default. (Root Project <-> Admin Role <-> User ).
If a new user is created, then a new default relation must be inserted.
Note that the Role system must be combined to other access system like:
- Rights on each item.
- Module access
PHProjekt has a hierarchical projcet tree.
Each project is a "node", with different modules, roles and access for each user (in other words, each project can have it's own set of modules and respective roles). For project owners there is an additional tab in the form of each project where you can assign the modules will be available within your project.
In this tab, there is a simple list of all the current active modules, and a checkbox for allow it in the project or not.
So, in a tree of project like the:
ROOT
|__ Project 1
|....|__ Project 3
|....|__ Project 4
|........|____Project 5
|__ Project 2
the owner of the project or a user with write access on it, can allow or disallow some modules.
For example:
Is possible to:
- Have in the Project 1, only Sub Projects and Todos,
- Have in the Project 3, Todos, Calendar and Notes, (Without Sub Projects).
- Have in the Project 4, Todos only
- Have in the Project 5, Notes only
- Have in the Project 2, all, Sub Projects, Todos, Calendar and Notes.
Note that the project can have some modules allowed, BUT the access of it depend on the Role system.
So, if one user have a role that don´t allow to see Todos in the Project 3, THIS user will don´t see any Todos in it,
but the other users with other roles, will can.
For read about the Roles, click here.
