Re: [Tsheetx-developers] Changing default permissions

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Dave,
I have made the page access consistent, along with the new configuration
table that Mark has created. Testing so far is good. I remember some bugs
about who sees what, e.g. seeing another person's customers, or something
like that. But that's not what this is about. It means for eample, that if
the clients form has been set at "Manager" then lower levels cannot access
it. This is somewhat achieved by the "Clients" menu item not being
presented in the menu list. But the security tightening also prevents
someone manually typing the url to get access to the clients page.

I'm referring to the 2.0-demo branch. The 1.5.3 branch I haven't looked at
for quite some time - wasn't that created for me to add a few new features,
I've forgotten? If so I have not kept it up to date. All my work and Mark's
work is in the 2.0-demo branch. In my email I had referred to 1.5.3 on the
assumption we would release the demo branch as the next number in sequence
1.5.3.

What state is the 2.0-demo branch at? I think it is almost ready for beta
release. We need Mark to reorganise the install processes and a few other
changes and it could be made ready. But Mark says that he will be busy
until around Feb before he can start on that work.

They're my two bob's worth. Mark may have a different view.

Peter

On 6 January 2012 07:41, David Thompson <tom...@us...>wrote:

>  Hi there, happy new year too.
>
> By all means change the defaults, but the testing of the different
> settings is more important. I seem to remember some cases when I saw some
> bugs, but I have never tested it rigorously enough.
>
> But when you say 1.5.3 do you mean the trunk version, or the 2.0-demo
> branch?
> What is the state of both?
>
> Cheers
>
> > Date: Wed, 4 Jan 2012 13:23:27 +1100
> > From: pal...@gm...
> > To: tsh...@li...
> > Subject: [Tsheetx-developers] Changing default permissions
>
> >
> > Hello everyone,
> > welcome to 2012. After not doing much on TSNG 1.5.3 for a couple of
> > months, I hope to do some more useful development in January.
> >
> > One of the tasks I have reviewed and upgraded is to ensure the security
> > permissions for various forms are consistent with their usage, and
> > appropriate access level. For example, ensuring all forms to do with the
> > definition and maintenance of clients, projects, tasks, rates use the
> > appropriate aclClients, aclProjects etc.
> >
> > I would like to now change the default values in TSNG 1.5.3 for some of
> > these permissions as follows, since the default is to set them all to
> > "Basic". The access levels for clients, projects, tasks, rates, expense
> > categories and timesheet approval should be defaulted to "Manager". This
> > is because basic users should not be able, by default, to add and delete
> > clients, projects, rates etc.
> >
> > Can I get a general consensus on that one?
> >
> > Peter
> >
> >
> >
> ------------------------------------------------------------------------------
> > Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
> > infrastructure or vast IT resources to deliver seamless, secure access to
> > virtual desktops. With this all-in-one solution, easily deploy virtual
> > desktops for less than the cost of PCs and save 60% on VDI
> infrastructure
> > costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
> > _______________________________________________
> > Tsheetx-developers mailing list
> > Tsh...@li...
> > https://lists.sourceforge.net/lists/listinfo/tsheetx-developers
>