| Version 8 (modified by , 16 years ago) ( diff ) |
|---|
This page hosts the detailed specification for the Blueprint for the Authentication & Access.
S3 currently uses the default T2 AAA system at a very basic level: t2.logged_in
However this won't be appropriate for all deployment scenarios. The specification we should be working to implement is in the Wiki:
(NB Sahana is about to change AAA method to it's 3rd & the Vol module currently uses a separate method)
This should (mostly?) be possible using other T2 methods:
t2.have_membership()t2.have_access()
T3 defines a simple t2.is_admin check in db.py:
is_admin=(t2.logged_in and (not settings.administrator_emails or t2.person_email in settings.administrator_emails)) t2.is_admin=is_admin
This should probably be done by hooking into the RESTlike controller
We also want to look at linking the AAA t2_person table with the Person Registry's person table
S2 supports OpenID (as does Launchpad ;) ), so that would be good to support & looks easy:
Look at T3 for AAA:
- protect function components with:
if not is_admin: t2.redirect('index',flash=T('Not Authorised')) - appadmin protected in the same way :)
