Changes between Version 20 and Version 21 of BluePrintAuthenticationAccess


Timestamp: 01/09/09 08:17:38 (13 years ago)
Author: Fran Boon
Comment: Separate Requirements from Implementation

  • BluePrintAuthenticationAccess

    v20 v21  
    44Authorization provides controlled access to protected resources.
    55
     6=== Requirements ===
    67We want to be able to provide a simple way of setting the overall security policy - allowing for flexible deployment options.
    78 * Anonymous access is granted for all Read operations, with Create/Update/Delete requiring a user to be Authenticated
     
    1516  * C/R/U/D permissions distinct
    1617
     18The specification we should be working to implement is in the Wiki:
     19 * Proposed Trunk: http://wiki.sahana.lk/doku.php?id=dev:new_acl
     20 * Current Stable: http://wiki.sahana.lk/doku.php?id=dev:security
     21 * Old: http://wiki.sahana.lk/doku.php?id=dev:authorization
     22(NB The Vol module currently uses a separate method)
    1723
     24We also want to look at linking the AAA t2_person table with the Person Registry's person table
     25
     26S2 supports OpenID (as does Launchpad ;) ), so that would be good to support & looks easy:
     27 * http://openidenabled.com/python-openid/
     28
     29=== Implementation ===
    1830S3 builds on the default T2 AAA system:
    1931 * http://trac.sahana3.org/wiki/DeveloperGuidelinesAuthenticationAccess
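
Review bot: The added lines 18-21 say "The specification we should be working to implement" but then list three pages (Proposed Trunk, Current Stable, Old), so a reader of the Requirements section cannot tell which one is normative; name the one being implemented and mark the other two as background. The note at line 22, "(NB The Vol module currently uses a separate method)", describes current behaviour rather than a requirement and would sit better under === Implementation ===, or be reworded as a requirement that Vol adopt the common method. For OpenID at line 26, "looks easy" leaves the requirement itself unstated: say how an OpenID identity is expected to relate to the t2_person record mentioned at line 24.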
     
    4052Membership of roles is controlled via the Many-to-Many table: {{{s3_roleholder}}}
    4153
    42 
    43 The specification we should be working to implement is in the Wiki:
    44  * Proposed Trunk: http://wiki.sahana.lk/doku.php?id=dev:new_acl
    45  * Current Stable: http://wiki.sahana.lk/doku.php?id=dev:security
    46  * Old: http://wiki.sahana.lk/doku.php?id=dev:authorization
    47 (NB The Vol module currently uses a separate method)
    48 
    49 We also want to look at linking the AAA t2_person table with the Person Registry's person table
    50 
    51 S2 supports OpenID (as does Launchpad ;) ), so that would be good to support & looks easy:
    52  * http://openidenabled.com/python-openid/
    53 
    5454T3 defines a simple {{{t2.is_admin}}} defined in {{{db.py}}}:
    5555{{{
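
Review bot: With old lines 42-53 removed, the context sentence at new line 54, "T3 defines a simple t2.is_admin defined in db.py", now follows the s3_roleholder paragraph directly and is hard to read: "defines ... defined" is doubled, and "T3" matches neither the S3 nor the T2 named at the top of the Implementation section. Since this change is already reorganising the section, fix the name and add a sentence on how the is_admin flag relates to role membership in s3_roleholder.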
     
    5959 * Function components protected with: {{{if not is_admin: t2.redirect('index',flash=T('Not Authorised'))}}}
    6060 * appadmin protected in the same way :)
    61 
     61=== Links ===
    6262 * Working with Realms, Users, Groups, and Roles: http://java.sun.com/javaee/5/docs/tutorial/doc/bnbxj.html
    6363 * Zope uses: {{{has_permission(permission_name, view_or_controller)}}} and/or {{{user.has_role(custom_role)}}} methods
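
Review bot: The Implementation section now ends at lines 59-60 with a single is_admin check placed inside each function, while the Requirements section created by this change lists "C/R/U/D permissions distinct" (line 16), and the page does not say how the one is meant to reach the other. Before the new === Links === heading, add a short line on that gap and note that the inline pattern depends on every protected function carrying the check. Old line 61 (blank) is also removed directly above the heading; keep one blank line before === Links ===, matching the spacing before === Implementation ===.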