From 49d6398684fd6acb39324385d8dcdb888cad7ef4 Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Mon, 6 May 2019 23:41:43 +0000 Subject: [PATCH] --- ayanova/devdocs/todo.txt | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ayanova/devdocs/todo.txt b/ayanova/devdocs/todo.txt index 351bb9db..2fc61633 100644 --- a/ayanova/devdocs/todo.txt +++ b/ayanova/devdocs/todo.txt @@ -34,7 +34,7 @@ TODO: • What can edit, refer to WorkorderRoles doc ??? - https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1782 - https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1809 - - EditOwn is originally intended to deal with + - EditOwn is originally intended to deal with limited rights users who are not supposed to see other workorders but the ones they are supposed to work on. - ISSUE: if they can only edit own widgets but not create or change others, do they still see the list of widgets? - How do they create one, are they allowed to? - What role allows create but not edit or is that a thing? @@ -50,7 +50,11 @@ TODO: - Can the client check a right and decide that since they can edit own they are allowed to see that feature section but it might be empty? - This seems wonky to me right now but maybe it isn't, it's been an idea for some time but maybe not really questioned in reality scenarios. - Edit own is only about workorders? Or everything? - + - Issue is that this means every possible way of viewing widgets for example needs to have exceptions for people of limited roles who are only supposed to see their own widgets that they created. + - Does this mean every list fetcher needs to check rights first then add an additional filter if they are only allowed to editown restricted to owner=currentuserid? + - Would that solve this problem? + + - About page - should show currently logged in user name, doesn't actually show anywhere right now - LOGIN: hitting enter / return should be equivalent of clicking on OK button
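Review bot: In the first hunk (@@ -34,7 +34,7), the completed EditOwn line defines the restricted set as "the ones they are supposed to work on", which reads as assignment, while the note added further down in this patch says "their own widgets that they created" and proposes owner=currentuserid, which is creator ownership. The two predicates give different results for a workorder created by one user and assigned to another. Suggest stating on this line which one EditOwn means, and whether it limits read access as well as edit, since the role name says edit but the sentence is about what the user is allowed to see.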
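Review bot: In the second hunk (@@ -50,7 +50,11), the added question "Does this mean every list fetcher needs to check rights first" covers list fetchers only, although the line just above it says "every possible way of viewing widgets". Suggest widening the item to cover single-record reads and any other read path, not just lists, and recording that the owner=currentuserid restriction should be applied on the server in one shared place instead of being repeated in each fetcher, so that a fetcher added later cannot omit it. The unchanged context line asking whether the client can check a right would then be worth marking as a display decision only, with the server still enforcing the filter.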