Can notifications created by a higher user be deleted by a lower user?

gmlmaino3 days ago

Hello, how are you, conceptual question, doing a test with permissions in notifications, I created a user1 who is not an administrator, but has the possibility of creating other users and other functions, I created a user2, and assigned him a notification that I created with user1 Let's just say he can see his notifications, but here, my conceptual question, user 2 can delete the notification that was assigned to him, so far so good, but he also deletes the notification for user1 Whoever created it, I understood that from the test I did, there is something I did wrong that allowed me to do that, because for example if I do the same with a calculated attribute, it doesn't let me eliminate it with user 2, telling me that I don't have permissions, why then yes for notification and not for example computed attributes.
I appreciate if someone can explain a little more, thank you

gmlmaino3 days ago

Clarification, if user 1 were an admin user, an inferred user can also delete notifications

Anton Tananaev3 days ago

It sounds like you assigned the same notification instance to both users. What you probably want to do is have a separate notification instance per user, so when delete it, they only delete their own one.

gmlmaino3 days ago

Sure, I understand, but then, if I want to assign 1 notification that I created as a user to 200 users and that they can also manage theirs, if they delete the one that I created, they delete it to all the users that I attributed the notification to, and The question went a little further, because that does not happen with, for example, computed attributes.

Anton Tananaev3 days ago

Same thing will happen with computed attributes. If you share some object with a user and they delete it, it's deleted for everyone.

Richard Acosta2 days ago

That behavior is wrong...

A non privileged user should only be able to delete HIS instance of whatever resource.
Or in any case, disable it for himself.

This behavior then, is what I'm having with notifications, whenever a user makes changes, every other user sees it..
And you always blamed me for doing something wrong, when IS TRACCAR DEFAULT BEHAVIOR... AND IS WRONG!

COME ON!

RastreameMX13 hours ago

@Richard Acosta

As i can see since i started to use Traccar, this system is oriented to share everything with everything (devices with users, items with users with devices, etc...). As i can interpret, in Traccar are only Administrator and everything else. It's not a system oriented to be two or three individual user level system. Traccar is very stable and compatible, but perhaps its worst flaw is that it is not a system designed to be managed at different levels.

In our particular use, we hide everything that user can create and "alter" and could affect another users (like creation of calendars, maintenances, geofences, notifications...). We manage that by request of our users, and we assign each item to each user. The only "item" user can create and manage, is on Manager accounts by creating "read only" accounts as "mirror accounts" (in México logistic enterprises calls mirror accounts to read only accounts where driver shares their location with them).

We have modified web template to allow Manage users only to create read only accounts (the unique parameter customizable is viewing of reports or not), we use 4 digit identifier on beggining of all our users, and in creation of enrolled read only account from manager account, that 4 digit are added automatically on beggining of name. Beyond that, we manage everything on each user, and that's the way we have found to use Traccar by a reliable way.

We would like to offer, by example, the ability to each user to create their own geofences, or each user could create their own notifications. But as Traccar doesn't uses identifiers on geofences other than the id, and everything is by correlational table on database, we wouldn't like to have our database with countless items created by users, as we cannot know what user created what, and any users watching items created by any other users.

From my perspective, it is very difficult to implement a second or third level, since the entire Traccar operating base is through correlation tables, and if the database structure were altered, it would be very complicated to adapt it for each new update. By our side, we are working on a secondary system that connects through the Traccar API to manage all these items by levels.

Currently we already have one to create "trips" with a start and end position, and to be able to calculate the distance traveled, hours, total fuel consumed, average fuel, average temperature, fuel theft detection, etc of that particular "trip".

My recommendation would be to create connections through the API to secondary platforms to create and manage the items.