[ic] Permissions question

dave@davetotten.com dave@davetotten.com
Thu, 15 Mar 2001 12:26:34 -0700


On Thu, Mar 15, 2001 at 11:46:39AM -0600, Steve Palm wrote:
> 
>  (still getting nowhere, trying again for help on this one....)
> 
> 
> I am trying to set up a user who only has permission to view pending orders and change their status.
> 
>  ----------------------------------------------------------------------------
>  Order Manager:
>  View list, View single, Edit, Archive, Un-Archive   (Not Delete, InputNew)
> 
>  Orderline and Transactions permissions:
>  View, Edit, Delete, Export  (Not Hide, Create, Import)
>  ----------------------------------------------------------------------------
> 
> When they try to change the global order status, it doesn't update, and when they log-out they get this error:
> 
>   Failure: Unauthorized for key archived 
> 
> 
> Any ideas?

If you can live with a user that can view any orders, but only is allowed
to change the status (to shipped, backordered... etc.) then this might help
you.

When editting the access table in the admin interface, there is a column for
table_control. As the name depicts, you can control your tables with this.

What goes into this field is an anonymous hash that may look like this:

{ 
   'pricing'  => {
                    'no_fields'  => "price_group",
                 },
   'products' => {
                    'no_keys'    => "weight nontaxable",
                    'yes_keys'   => "00-0011 00-0011a 00-342 00-343 00-404",
                    'yes_fields' => "sku artist title description comment",
                 },
}

of course you will have to put it all in one line. I have just formatted
this so it is easier to see.

so in this field, you could put something like

{
   'orderline' => {
                     'yes_fields' => "status",
                  },
}

and when going into select an item to order, they will be able to see most
of the order information, but when they go to edit a specific order, all
they will get a chance to edit is the status field.

I know this isn't exactly what you wanted, but perhaps it is enough.

Dave Totten
            


> -- 
> Steve Palm <stevep@sga.org> * SGA * Loves Park, IL *
> http://www.sga.org
> 
> _______________________________________________
> Interchange-users mailing list
> Interchange-users@lists.akopia.com
> http://lists.akopia.com/mailman/listinfo/interchange-users