Text permission
Added by Anh Kỳ Huỳnh almost 15 years ago
Hi all,
While waiting for #337 (private issue) I think of an alternative to protect the contents of every posts (issue's description, journal notes, comments, messages, etc.) The idea is inspired from Apache .htaccess: To protect any contents, I add some directives at the very begining of the text, for e.g.,
{{{ allow @Assignable, user1; deny user2, @User }}} The contents of the messages (would be denied from user2 and all users has role User)
I implemented successfully such feature for my site. (For example, when accessing http://viettug.org/wiki/rocky/Text_Permission you would see Contents protected).
Technical said, I override attribute methods in the models. For example, redefine description for News class. And I have to write a common function to parse the directives {{{...}}}
. There are some small troubles when users edit the protected contents, but this depends on how the manager set the rules for the projects. When it is stable enough I would announce the source/patch (I cannot implement it as a module. I hacked the Redmine code instead.)
When implementing the feature, I note that we should need a common way/hook for object's attributes (:description for :issue, :notes for :journal, etc), and the common way to use them. For example, some places in the Redmine source (0.8.5) uses object.attribute, some other places use object.read_attribute(:attribute_name) to get the contents. I found that way was hard to maintain.
I post my idea here and hope it may be useful.
Regards,
PS: I am sorry for my poor English.