Can a user access only unassigned cases and cases assigned to himself?

masood_mj - April 27, 2009 - 08:51
Project: Case Tracker
Version: 6.x-1.0-beta1
Component: Code
Category: feature request
Priority: normal
Assigned: Unassigned
Status: active
Description

I want users to have access only to cases which are assigned to themselves and to unassigned cases.
I used the content_access module, but it only enables me to set access based on content type and node by node. (If it had content access based on a view, it would solve my problem.)
Besides, I can restrict access to the casetracker-related views, but the user can access the cases in recent posts!
Is there any way to edit casetracker.module to add a permission to it which uses an SQL query for this purpose?

#1

jmiccolis - April 28, 2009 - 12:31

I'm sure that there is a way to edit casetracker.module to do what you want, but it sounds to me like you may be better served by Drupal's node_access system. Implementing a node access module that relies on the assignee to determine access rights would directly address the needs you mention.

#2

JonoB - April 28, 2009 - 18:51

Isn't it possible to achieve this using the casetracker_project_cases view?

Maybe adding an argument for Cases>Arguments>Case Tracker: Case status

Haven't tried this myself in this instance (although I have used views to only allow access to casetracker to specific roles) ...just throwing it out there

#3

masood_mj - April 29, 2009 - 14:24

The views cannot help because the illegal user can access it using recent posts or search engines or even links saved on a computer! You know that Views works in the presentation layer, which is above the access (security) layer.

Thanks jmiccolis, I will read the documents.

#4

jmiccolis - June 1, 2009 - 02:12

@masood_mj did you come up with a solution for your need here? This issue has come up again http://drupal.org/node/475538 and I'd like to figure out a good way to address these sorts of needs.

#5

pdarnell - June 1, 2009 - 03:16

My point from the other thread is that I need to restrict users (using roles) to view only cases they authored.
I see that the URL casetracker/my gives all cases assigned to me.
If you could provide casetracker/myauthored to give all cases authored by me, and no links or tabs to get at other cases, I am good to go.

#6

masood_mj - June 1, 2009 - 08:35

If you really want to use casetracker, you can edit casetracker_basic.module and find the casetracker_basic_case_access method. You can see that there is a restriction when the og module is present, but when you do not use og, it only uses the "access case tracker" permission. I've changed this part like the following in order to permit users to have access to unassigned cases, cases assigned to them, and cases they've authored:

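if (!module_exists('og')) {
  // Without og: allow users who may edit any case, the assignee,
  // the author, and anyone when the case is unassigned (assign_to == 0).
  return (user_access('edit any cases')
    || (int) $node->casetracker->assign_to == (int) $user->uid
    || (int) $node->uid == (int) $user->uid
    || (int) $node->casetracker->assign_to == 0);
}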

But now I do not use this module. I use CCK, CCK_Comment and OG. CCK enables me to prevent users from changing the priority and content of a task. Besides, it is more integrated with the notifications module. I use OG to restrict access to a case to a group of people (although you can use the Node Access User Reference module to give permissions to the assigned user instead of og). CCK_Comment helps me to enable users to change only task progress by comment, while case_tracker doesn't have these features.

#7

masood_mj - June 1, 2009 - 08:40

pdarnell, you can use the content access module, which enables you to uncheck "view all contents" for each content type and check "view own contents". I think this will help you.
If you want this restriction only in the view layer (users can see the contents by URLs or the recent posts link), you can set access permissions in the case tracker views and create your own views for "myauthored" links.
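
The node access module suggested in comment #1 could look like the following; this is an added example, not code from the thread or from Case Tracker. It assumes Drupal 6 and reuses the $node->casetracker->assign_to field and the "access case tracker" permission quoted in comment #6; the module name, realm names and helper function are hypothetical.

```php
<?php
// case_assignee_access.module: hypothetical Drupal 6 module and realm names.

/**
 * Implementation of hook_node_grants(): the grant ids $account holds.
 */
function case_assignee_access_node_grants($account, $op) {
  // Anonymous users get nothing: uid 0 would otherwise match the
  // "unassigned" value and any anonymously authored case.
  if ($op != 'view' || !$account->uid
      || !user_access('access case tracker', $account)) {
    return array();
  }
  return array(
    'case_assignee'   => array($account->uid),
    'case_author'     => array($account->uid),
    'case_unassigned' => array(1),
  );
}

/**
 * Implementation of hook_node_access_records(): the grants that open $node.
 */
function case_assignee_access_node_access_records($node) {
  // Assumption: only case nodes carry casetracker->assign_to.
  if (!isset($node->casetracker->assign_to)) {
    return;
  }
  $assignee = (int) $node->casetracker->assign_to;
  $records = array();
  // assign_to == 0 means unassigned: open to every holder of the permission.
  $records[] = ($assignee === 0)
    ? _case_assignee_access_record('case_unassigned', 1)
    : _case_assignee_access_record('case_assignee', $assignee);
  if ((int) $node->uid > 0) {
    $records[] = _case_assignee_access_record('case_author', (int) $node->uid);
  }
  return $records;
}

/**
 * Build one view-only row for the node_access table.
 */
function _case_assignee_access_record($realm, $gid) {
  return array('realm' => $realm, 'gid' => $gid, 'grant_view' => TRUE,
    'grant_update' => FALSE, 'grant_delete' => FALSE, 'priority' => 0);
}
```

Drupal 6 asks the module that defines the node type (its hook_access) before it consults the node_access table, so these grants decide direct node views only where that callback returns NULL for the view operation. The records are written when the node is saved; if the assignee changes by another path, call node_access_acquire_grants($node) to refresh them.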
