Type: New Feature
Affects Version/s: None
Fix Version/s: 1.0
This version will support two types of permissioning - menu access and view/edit access for contacts based on contact groups. Edit permissions always encompass view permissions. Permissioned access applies to both UI access and API access.
User interfaces should 'intelligently' adapt to permission restrictions so as to avoid presenting users with options that they are not authorized to use. Preferred method is to suppress these links/buttons. 2nd best option is to deactivate - with clear visual indication of deactivated state.
Static permissions at the menu level are:
'view any contact'
'add/edit any contact'
'view any group'
'add add/edit group'
All five of these permissions are assigned by default (by module install script?) to the site's super-user (users.uid = 1) to ensure that SOMEONE has access to all data. The 'administer...' covers all local task under the Admin menu as well as Import.
Dynamic Group/contact access
Two permissions will be created automatically whenever a new Group is added.
'view $groupTitle members'
'edit $groupTitle members'
The edit permission will encompass editing the group properties as well as edit access for all members of the group. This permission also allows adding and removing group members - although 'add' is contingent on the user having 'edit' permission on the new contact being added.