Changes between Version 51 and Version 52 of BluePrintAuthenticationAccess

Timestamp:
05/11/09 09:39:50 (16 years ago)
Author:
Fran Boon
Comment:

Authorization implementation

  • BluePrintAuthenticationAccess

    v51 v52  
    5858 * DeveloperGuidelinesAuthenticationAccess
    5959
    60 Anonymous access is currently granted for all Read operations, with Create/Update/Delete requiring a user to be Authenticated: {{{auth.is_logged_in()}}}
    61  * Web2Py can extend this by protecting resources with {{{auth.has_membership()}}} (table level security which can be separated for C/R/U/D) & {{{auth.has_permission()}}} (record-level security)
    62   * Field-level security example: http://groups.google.com/group/web2py/browse_thread/thread/e4b54f08ec6b66f9
    63  * we should probably support these by adding hooks into the [wiki:BluePrintREST RESTlike controller]
     60There are 2 modes for Authorisation right now:[[BR]]
     61 * simple: Anonymous access is currently granted for all Read operations, with Create/Update/Delete requiring a user to be Authenticated
     62 * full: Uses Web2Py's Role-Based Access Control for both table-level (can be separated for C/R/U/D) & record-level security (http://groups.google.com/group/web2py/browse_thread/thread/e4b54f08ec6b66f9)
     63
     64NB 'full' mode require each permission to be explicitly granted, so is currently difficult to administer.[[BR]]
     65This can be made easier by allowing all basic permissions to start with & then refining down from there:[[BR]]
     66 * {{{for table in db.tables: auth.add_permission(group_id,'read',db[table])}}}
     67
     68Whether a user is authorised or not is defined using {{{has_permission()}}} in {{{models/__db.py}}} & called by the [wiki:BluePrintREST RESTlike controller]
    6469
    6570We use {{{sahana_group}}} table for Roles & {{{sahana_membership}}} to show which roles a user has.
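Review bot: the bulk-grant suggestion at line 66, `for table in db.tables: auth.add_permission(group_id,'read',db[table])`, gives the group read access to every table in the model, which includes the `sahana_group` and `sahana_membership` tables named at line 70, so the role and membership data itself becomes readable to that group; consider iterating over an explicit list of data tables (or skipping the auth/role tables) rather than `db.tables` when using this as the starting point for 'full' mode. The new text also introduces two modes at line 60 but does not say where the choice between 'simple' and 'full' is configured; a pointer to that setting would help whoever has to administer it. Minor: "'full' mode require" at line 64 should read "requires", and the comment uses "Authorization" while the body uses "Authorisation".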