Changes between Version 42 and Version 43 of BluePrintAuthenticationAccess


Ignore:
Timestamp:
01/30/09 22:14:45 (16 years ago)
Author:
Fran Boon
Comment:

Web2Py's Auth now includes it's own sahana_events table with granular logging options, so we may wish to make use of this

Legend:

Unmodified
Added
Removed
Modified

  • BluePrintAuthenticationAccess

    v42 v43  
    4747
    4848Additional roles such as Country/Regional Admin, Organisation/Office/Camp Admin are set within the GIS/OR/CR modules respectively.
     49
    4950=== Implementation ===
    50 S3 builds on the default T2 AAA system:
     51S3 builds on the default Web2Py Auth system (in {{{gluon/tools.py}}}):
    5152 * DeveloperGuidelinesAuthenticationAccess
    5253
    53 Anonymous access is currently granted for all Read operations, with Create/Update/Delete requiring a user to be Authenticated: {{{t2.logged_in}}}
    54  * T2 can extend this by protecting resources with {{{t2.have_membership()}}} (table level security which can be separated for C/R/U/D) & {{{t2.have_access()}}} (record-level security)
     54Anonymous access is currently granted for all Read operations, with Create/Update/Delete requiring a user to be Authenticated: {{{auth.is_logged_in()}}}
     55 * Web2Py can extend this by protecting resources with {{{auth.has_membership()}}} (table level security which can be separated for C/R/U/D) & {{{auth.has_permission()}}} (record-level security)
    5556 * we should probably support these by adding hooks into the [wiki:BluePrintREST RESTlike controller]
    5657
    57 We use {{{t2_group}}} table for Roles & {{{t2_membership}}} to show which roles a user has.
    58  * roles initialised in {{{_db.py}}}
     58We use {{{sahana_group}}} table for Roles & {{{sahana_membership}}} to show which roles a user has.
     59 * admin role initialised in {{{_db.py}}}
    5960 * 1st user to register gets Administrator role
    60  * module writers need to add any required roles there
    6161
    6262We expose this as s3.roles so that it is accessible to Controllers & Views.[[BR]]
     
    7676STATUS: Complete apart from needing to get new_values back from the form after processing.[[BR]]
    7777The solution hooks the [wiki:BluePrintREST RESTlike controller] so anything which bypasses that is not logged (unless using the T2 fields: {{{created_by}}}, {{{updated_by}}}).[[BR]]
     78
    7879To do more would require patching the DAL.
    7980
     
    99100If each is ticked, this sets the {{{audit_write}}} & opens up an extra checkbox for 'Enable Auditing of Reads' (sets {{{audit_read}}}).
    100101
     102NB Web2Py's Auth now includes it's own sahana_events table with granular logging options, so we may wish to make use of this.
     103
    101104----
    102105BluePrints