[turba] Address Book Setup Questions

[Adam Tauno Williams]

> > 1. Compound field (and others) appearing in Advanced Search.
> > Since OGo supplies a firstname/lastname field I have a field in the
> > source defined like:
> > 'name' => array('fields' => array('firstname', 'lastname'),
> >                        'format' => '%s %s'),
> >  - which appears OK and works as the link to go from search results to
> > editing the record/object.
> > But "name" also appears in Advanced Search.  Is it possible to limit the
> > fields that appear in advanced search?  Since "name" isn't really a
> > field I can't search it;  it does appear greyd out in the edit and add
> > screens.
> > There are also other fields that cannot be searched but are available to
> > the user I would like to not appear in the Advanced Search form,  which
> > seems to just display all the fields.
> > I have a "search" stanza in the source config -
> >     'search' => array(
> >         'displayname',
> >         'firstname',
> >         'lastname',
> >     ),
> > - but it only limits the 'quick search' screen.
> Yup, that's how things currently work. Suggestions for the best way to  
> tweak this are welcome.

Ok,  for now I'll just inform the users of how it works.

An option in the source to also limit advanced search to the same fields
as quick search (just adding the ability to have qualifier multiple
fields) would be good for me.  Like - 
     'restrictedSearchFields' => true
 - would be plenty.

> > 2. Permissions
> > I pretty sure this isn't possible,  but is there a way to signal the
> > user interface (perhaps via an attribute) that an object is read-only
> > and cannot be edited by the the user?  (Sort of like "__owner" divides
> > up an single source for multiple users.)  I noticed that the abstract
> > Turba Driver class has a hasPermission permission, but it only applies
> > to sources/shares (?) [ I'm unclear as the possible values of $perm for
> > hasPermission($perm) ].
> Right; permissions are on a share level, though the Creator permission  
> might (_might_) fit here. Are you sure you have objects that are  
> readonly mixed with fully editable ones in the same share? Seems a bit  
> confusing.

Permissions (ACLs) can be applied on a per-object (person, company,
project, etc...) basis in the server.  There is an RPC call whereby on
can check if an operation is allowed;  in our CRM application, for
instance, we just grey-out/disable the submit button for objects the
user doesn't have the permission to update.  (For instance, corporate
contacts the sales manager wants to distribute but only allow the
customer account management team to alter;  it can get pretty specific).

I can just throw an error if they try to update a contact without
permissions.  Just wanted to make sure there wasn't a better way.