[OPEN-ILS-DEV] User permissions error
Jason Etheridge
jason at esilibrary.com
Fri May 23 15:14:34 EDT 2008
One thing we tend to overlook with the bootstrap CGI scripts: there
is no defensive programming or sanity checking of inputs here, so it's
possible to put your system into an inconsistent state.
For example, let's say you have a perm group tree that looks like this:
Staff
\----- Circulator
\----- Cataloger
And you have a permission called UPDATE_MARC assigned to Cataloger.
If at this point you add UPDATE_MARC to Staff, you could break the
interface, because then Cataloger will have an explicit perm set and
it will also be inheriting the perm from Staff.
The rule here is don't set a permission in an ancestor group if any of
the descendant groups already have that permission set.
If you can't untangle this from the interface you may need to drop
down to the database to clean things up.
Another way you can break things is by not having consecutive depths
in your Org Unit Types.
For example, assume you have Organization Unit Types like so:
Consortium Depth: 0 Parent: None
System Depth: 1 Parent: Consortium
Branch Depth: 2 Parent: System
And you decide you don't want to model your Organization Tree that
deeply, so you delete System, and rename Consortium to be System,
resulting in:
System Depth: 0 Parent: None
Branch Depth: 2 Parent: System
You would need to further change the depth for Branch to 1 for this
not to break things.
It's worth mentioning that this interface is being re-implemented and
the new one will be safer to use.
--
Jason Etheridge
| VP, Community Support and Advocacy
| Equinox Software, Inc. / The Evergreen Experts
| phone: 1-877-OPEN-ILS (673-6457)
| email: jason at esilibrary.com
| web: http://www.esilibrary.com
More information about the Open-ils-dev
mailing list