Changes between Version 52 and Version 53 of BluePrintAuthenticationAccess


Timestamp:
05/11/09 10:32:24 (16 years ago)
Author:
Fran Boon
Comment:

Authorization implementation

  • BluePrintAuthenticationAccess

    v52 v53  
    6060There are 2 modes for Authorisation right now:[[BR]]
    6161 * simple: Anonymous access is currently granted for all Read operations, with Create/Update/Delete requiring a user to be Authenticated
    62  * full: Uses Web2Py's Role-Based Access Control for both table-level (can be separated for C/R/U/D) & record-level security (http://groups.google.com/group/web2py/browse_thread/thread/e4b54f08ec6b66f9)
     62 * full: Uses Web2Py's Role-Based Access Control for table-level control (can be separated for C/R/U/D)
     63 * Record-level security to be integrated: http://groups.google.com/group/web2py/browse_thread/thread/e4b54f08ec6b66f9
    6364
    64 NB 'full' mode require each permission to be explicitly granted, so is currently difficult to administer.[[BR]]
    65 This can be made easier by allowing all basic permissions to start with & then refining down from there:[[BR]]
    66  * {{{for table in db.tables: auth.add_permission(group_id,'read',db[table])}}}
     65NB 'full' mode requires each permission to be explicitly granted, so we default to having all registered users as 'Readers' & only 'Administrators' being able to Create/Update/Delete. Administrators can manually add other users to 'Editors' if-required.[[BR]]
     66Modules can provide further restrictions in {{{models/zzz.py}}}
    6767
    6868Whether a user is authorised or not is defined using {{{has_permission()}}} in {{{models/__db.py}}} & called by the [wiki:BluePrintREST RESTlike controller]
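
Review bot: New line 65 names three roles ('Readers', 'Administrators', 'Editors') without saying where those groups are created or which of Create/Read/Update/Delete 'Editors' receive, and the removed line 66 was the only concrete example of a grant on the page (`for table in db.tables: auth.add_permission(group_id,'read',db[table])`). Suggest keeping a short example of how the default grants are made, or naming the model file that sets them up, and listing the C/R/U/D set for each role. The same line makes registered users 'Readers', which leaves open whether the anonymous read access that line 61 describes for 'simple' mode still applies in 'full' mode; state that explicitly. New line 63 moves record-level security to "to be integrated", so the page should also say what a table-level grant covers today (presumably every record in the table). New line 66 points modules at {{{models/zzz.py}}} without saying what kind of restriction belongs there, and "if-required" should read "if required".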