Thanks for the quick reply - I have now read your entire guide.
In the above scenario, I can see how that would work. I would check for access, it would return allow and then I could look through the attributes to see what "Company" you had access to.
Now - I need to implement a UI to set all these companies in the role/task/operations.
1) If I wanted to REMOVE your rights from a company or maybe remove everyone's rights from a company, how would I do that? Those attributes would be scattered all over the place. You may have access to 10 roles and 10 tasks - each
one of those potentially having that company as an attribute? Additionally if I removed the last company from the attribute list, would probably want to remove that role/task from your user. Would I have to iterate through every user and every
users roles/tasks/operations to find each attribute??
2) I have seen others asking this kind of question and also seen where you addressed it in the manual and the solution is attributes. However, we then need more support for maintaining these attributes. Maybe even something like your 'GetDBUsers'
that would return a list of possible attribute keys (function would return "select companyId, companyName......"). Then when using the GUI this would be more natural?
3) Finally need to turn the hierarchy around. Given an attribute key, where is it located? I realize attributes are scoped to the item/role/etc, so this is an issue. I guess we need to be able to define attribute types.
I would have a 'CustomerAttribute' and when you called my "GetAttributeKeys" sql function - you would pass "CustomerAttribute", and I would return the correct list. When adding attribute to a item, I would add an attribute of
type 'CustomerAttribute' and pick from your list. This would give the ability to have a "CustomerAttribute" node on the tree, under that node when I clicked it - would show each customer that had an attribute somewhere - then clicking
on that customer would be able to see where/what/who had rights to them.
4) Sort of the same as #3, but in the given infrastructure - would be nice to browse by USER. I click on a user - and under them I can see their rights, etc. As it is now, you go to the item and add the user. Would be nice to do it
the other way around sometimes - and definitely if you want to see what rights a user has - this would help. (I did see your 'check access' screen on the GUI - and that is a good workaround).
Product looks great - I like what you have done. I am going to try to use it - once I figure out how to do the above.