Changes between Version 52 and Version 53 of BluePrintAuthenticationAccess
- Timestamp: 05/11/09 10:32:24 (16 years ago)
BluePrintAuthenticationAccess
v52 v53 60 60 There are 2 modes for Authorisation right now:[[BR]] 61 61 * simple: Anonymous access is currently granted for all Read operations, with Create/Update/Delete requiring a user to be Authenticated 62 * full: Uses Web2Py's Role-Based Access Control for both table-level (can be separated for C/R/U/D) & record-level security (http://groups.google.com/group/web2py/browse_thread/thread/e4b54f08ec6b66f9) 62 * full: Uses Web2Py's Role-Based Access Control for table-level control (can be separated for C/R/U/D) 63 * Record-level security to be integrated: http://groups.google.com/group/web2py/browse_thread/thread/e4b54f08ec6b66f9 63 64 64 NB 'full' mode require each permission to be explicitly granted, so is currently difficult to administer.[[BR]] 65 This can be made easier by allowing all basic permissions to start with & then refining down from there:[[BR]] 66 * {{{for table in db.tables: auth.add_permission(group_id,'read',db[table])}}} 65 NB 'full' mode requires each permission to be explicitly granted, so we default to having all registered users as 'Readers' & only 'Administrators' being able to Create/Update/Delete. Administrators can manually add other users to 'Editors' if-required.[[BR]] 66 Modules can provide further restrictions in {{{models/zzz.py}}} 67 67 68 68 Whether a user is authorised or not is defined using {{{has_permission()}}} in {{{models/__db.py}}} & called by the [wiki:BluePrintREST RESTlike controller]
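Review bot: New line 65 names an 'Editors' group without saying what it grants, while the same sentence states that only 'Administrators' can Create/Update/Delete, so a reader cannot tell what adding a user to 'Editors' changes. Please state the Editors' permissions explicitly (which of C/U/D, and on which tables). The same line says registered users are 'Readers' but does not say whether anonymous Read, which 'simple' mode grants on line 61, is denied in 'full' mode; that default should be spelled out. The change also drops the only concrete example on the page of how a permission is granted (old line 66, the auth.add_permission loop over db.tables) without showing where the new default groups are created; a pointer to that code would keep the page usable for administrators. On new line 66, a note on what kind of restrictions a module is expected to put in models/zzz.py would help. Minor: 'if-required' should read 'if required'.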