[development] Some questions about "best practices" for a module in development...
jens at reinemuth.info
Tue Dec 30 10:35:05 UTC 2008
i'm currently porting a module which was originally written as a
stand-alone-app to drupal 6.x
The main purpose of this module is to provide a kind of management suite
to confederations, "vereine" or even political parties.
So one of the key-features is a "member-management" that is able to
group all members into their "role" in the hole thing. If you found a
"verein" in germany it consitsts typically of 5 "board members":
- "secretary general"
To garantee absolut data-security, only "secretary general" and "bursar"
should be able to view the whole data of each member, bursar even their
finacial data for cash things. But the bursar should then only be able
to edit those financial infos while the "secretary general" should be
able to change the rest...
All others should only be able to see the name of the member (and some
anonymous stats) and send them mails or messages via the drupal system.
In the standalone app i realized that by using db-views an a simple
rights-table that mapped those views (name_show = true / name_edit =
false / address_show = false)...
Because of this kind of "tree-rights-management" this does not seem to
be mapped via roles to a drupal system, right?
Im looking for the best solution to this problem so i don't have to
reinvent the wheel ;-)
Please remember that data-security has absolute priority. Therefor i
have some more questions:
- Is it possible to access "encrypted" tables via drupal-modules (mySQL,
external DB, DB-File encrypted??) It should never be possible to get
access to the data from outside the drupal-page!
- I would like to verify the addressdata via a DB-Table containing all
cites and their postal-code in germany (i MUST NOT query Google or
somthing with anonymous member data). The Table is too large (~10MB) to
paste its content in the *.install file. How do i import such a great
SQL-Statement at install step? Via "system" or "exec" ?
- To guarantee the data-security it should be possible, that only the
according group (?? you know there may be "Country" - "Department" -
"City") should have the data of this member. All Groups above will only
get the count of members and a "checksum" so this one can't be part in
more than one group. (checksum consists of md5(birthday, name, given
name and gender) which should not change very often).
Lots of problems ;-)
More information about the development