[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Health] Tryton Access Rules | Defaults for defined user groups
From: |
Christoph H. Larsen |
Subject: |
Re: [Health] Tryton Access Rules | Defaults for defined user groups |
Date: |
Sun, 22 Jan 2012 20:44:55 +0430 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.20) Gecko/20110820 Iceowl/1.0b2 Icedove/3.1.12 |
Dear Ronald,
I am happy to tell you that with a clear head I have solved the
conundrum: The trouble for the seemingly inconsistent execution of rules
was caused by my not taking into account that access to the respective
menu item / object involves not only access to patients (is_patient =
True with rwc- rights), but also read-only (r---) access to parties with
is_insurance_company = True.
This gives my Patient Registration group rwc- access to patient core
data, and r--- access to their insurances. Phew.
The only remaining questions for now:
How can I set default selections, e.g. select is_patient = True for
parties added by the Patiejt Registration group?
Thanks a lot for any ideas and your encouragement - we are approaching
implementation phase in two or three days, starting with Patient
Registration!
Bests from damn freezing Kabul,
Chris
On 22/01/12 02:38, ronald munjoma wrote:
> Hi Chris,
>
> On 21 January 2012 13:38, Christoph H. Larsen
> <address@hidden <mailto:address@hidden>>
> wrote:
>
> Dear Crowd,
>
> The problem: I have set up a range of "Parties", including patients,
> employees , insurance companies and institutions.
> Likewise, I have a number of user groups, such as "Human Resources",
> "Patient Registration", etc.
> Evidently, we want to make sure that the guys in Human Resources canot
> snoop on the patient core daty put down by "Patient Registration' in
> Parties.
> Hence, I used the access model "Party" for both "Human Resources" and
> "Patient Registration", and defined access rules like:
> Human Resources can see those objects in the Party model, if the field
> is_institution = False AND if the field is_insurance_company = False AND
> if the field is_patient = False. Sounds easy, but it is not: The Rules
> in the Access Permissions tab of Groups can only do OR, not AND, or this
> is what I believe, as I cannot string conditions together. It does not
> make any difference, whether I put all conditions into ONE rule, or have
> sequential rules with single conditions set up. Any ideas?
>
> Also, for the group "Patient Registration", I would love to have the
> fields is_patient and is_person set to TRUE, both to make life easier,
> and to prevet the locking the patient registration staff from locking
> themselves out of party records, when they forget to set is_patient to
> TRUE. Any way how to define default values in Tryton?
>
>
> Some what similar requirements were discussed on the list before, there
> is a proposal to have acess roles by default, see task
> #11368: http://savannah.gnu.org/task/?11368
>
> Find below previous discussions (hope they address your issues):
> http://lists.gnu.org/archive/html/health/2011-11/msg00110.html
> and
> http://lists.gnu.org/archive/html/health/2011-11/msg00115.html
>
> Regards
> Ronald
>
>
> Thanks a millions, and best regards from Kabul -
>
> Chris
>
>
> --
> Dr. Christoph H. Larsen
> synaLinQ (Vietnam) synaLinQ (Kenya)
> P.O. Box 55, Bưu điện NT, 01 Pasteur P.O. Box 1607, Village Market
> Nha Trang, Khánh Hòa Nairobi 00621
> Vietnam Kenya
> Mobile: +84-98-9607357 <tel:%2B84-98-9607357>
> Mobile: +254-753-632481 <tel:%2B254-753-632481>
> +49-176-96456254 <tel:%2B49-176-96456254> (Germany)
> Fax: +49-231-292734790 <tel:%2B49-231-292734790>
> Email: address@hidden
> <mailto:address@hidden>
>
>
--
Dr. Christoph H. Larsen
synaLinQ (Vietnam) synaLinQ (Kenya)
P.O. Box 55, Bưu điện NT, 01 Pasteur P.O. Box 1607, Village Market
Nha Trang, Khánh Hòa Nairobi 00621
Vietnam Kenya
Mobile: +84-98-9607357 Mobile: +254-753-632481
+49-176-96456254 (Germany)
Fax: +49-231-292734790
Email: address@hidden