Forum OpenACS Development: Re: Porting Project/Open (Intranet Module) to OpenACS 5.0

I think we're starting to touch the interesting point: In the whole P/O there is (currently):
- No object that you need to comment on and
- No object that needs uploads
Categorization may be an interesting feature however.

In contrast, permissions for many objects are extremely complicated. Here is the example of a "Customer":

Rules to access a CustomerViewPage: Allowed are:
- Administrators
- General Management
- The customer himself, but no other customer
- Employees can only see the name of the customer, but nothing more, except they are assigned to the customer as a key account manager
- The project managers of projects for this customer while the project is "open".
- No freelancers at all
- Accountants have access to the financial information, but have no access to CRM and presales information

When accessing the _Project_ListPage:
- Admins and GMs see everything
- Freelancers can see the project, but don't see who is the customer

When accessing the Incident Tracker:
- Messages posted by a customer are only visible for the project manager
- Messages posted by freelancers are visible for employees and the PM, but not to customers.

... and so on. Don't tell me that's fascist rules, that's from a very competitive environment where employees walk out of a company and take their customers with them... So how would you implement that?

Actually, I used to have permission controlling code on every page, but recently I've started to write "access_matrix" routines that return something like "can_see_customer_p" and "can_edit_customer_p".

I hope that helps to understand the situation. I would definitely be grateful for silver bullet type of solutions...

Frank
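
The CustomerViewPage rules listed above, collected into one "access_matrix" style routine: this is an added example, not part of the original post and not Project/Open or OpenACS code, written in Python rather than OpenACS Tcl. The role names, the three field groups, treating "allowed" as access to every field group, and letting the freelancer rule override all other roles are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Field groups on the customer view page (names are assumptions for this sketch).
NAME, CRM, FINANCE = "name", "crm", "finance"
ALL = frozenset({NAME, CRM, FINANCE})

@dataclass(frozen=True)
class User:
    user_id: int
    roles: frozenset                   # e.g. frozenset({"employee"})
    customer_id: Optional[int] = None  # set for customer contacts

@dataclass(frozen=True)
class Customer:
    customer_id: int
    key_account_ids: frozenset = frozenset()      # key account managers
    open_project_pm_ids: frozenset = frozenset()  # PMs of projects still "open"

def customer_access_matrix(user: User, customer: Customer) -> frozenset:
    """Field groups of `customer` that `user` may see; empty set means no access."""
    roles = user.roles
    # Hard deny evaluated first so no other role can widen it (assumption).
    if "freelancer" in roles:
        return frozenset()
    if roles & {"admin", "general_management"}:
        return ALL
    visible = set()
    # The customer himself, but no other customer (full view is an assumption).
    if "customer" in roles and user.customer_id == customer.customer_id:
        visible |= ALL
    # PM access exists only while one of the customer's projects is open.
    if user.user_id in customer.open_project_pm_ids:
        visible |= ALL
    if "employee" in roles:
        # Name only, unless assigned as key account manager.
        visible |= ALL if user.user_id in customer.key_account_ids else {NAME}
    if "accountant" in roles:
        visible |= {NAME, FINANCE}     # this role grants finance, not CRM/presales
    return frozenset(visible)

def can_see_customer_p(user: User, customer: Customer, group: str = NAME) -> bool:
    """Boolean helper in the style of the post's can_see_customer_p."""
    return group in customer_access_matrix(user, customer)
```

Because the routine returns field groups rather than a single yes/no, the page template can hide the CRM block for an accountant while still rendering the financial block from the same decision.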