= !BluePrint for Authorization =
== User Stories ==
 * A Developer needs to be able to restrict access to a Module
   * done: s3.modules (Add Controller check as well as menu check. Configure permissions in 000_config.py?)
 * A Developer needs to be able to restrict access to a Function
   * Decorator function - although it doesn't support OR (we could easily write our own function to do this, though)
 * A Developer needs to be able to restrict access to a resource
   * REST controller can be blocked via a Decorator
   * Full security policy can be invoked, but this is painful/untested within S3 recently
   * We could check for what other functions can access data? Sync. Hard to maintain though.
   * Need a new method. Do all accesses go via S3XRC? If not, then it needs to be a DAL-level method! Use the Web2Py 'full' policy for tables but not records?
 * A Developer needs to be able to restrict access to a record
   * Add 2 reusable multiple=True fields to each table which needs this: {{{reader_id}}} & {{{writer_id}}}, combined as {{{permissions_id}}}
     * Full backward compatibility since they default to None
   * reader_id check as a new API function
     * combine with the deleted==True check?
       * makes it easier to then replace that check with an 'inactive' field which is a date instead of a boolean, so that records can be set to expire (as well as giving us easy access to know when a record was deleted)
     * Option 1: Do the check alongside deleted as part of a big JOIN
{{{
def shn_accessible_query(user, table):
    """ Modified version of current function from models/01_crud.py

        Returns a DAL query restricting `table` to the records that
        `user` may read (and which aren't deleted).
    """

    deleted = (table.deleted == None)

    # Collect the auth_group ids this user is a member of
    _memberships = db.auth_membership
    memberships = db(_memberships.user_id == user).select(_memberships.group_id)
    roles = []
    for membership in memberships:
        roles.append(membership.group_id)

    if 1 in roles:
        # Admins see all data
        query = deleted
    else:
        # Records with no restriction (reader_id left at its default of None) ...
        accessible = (table.reader_id == None)
        # ... OR records readable by any of the user's roles
        # (must be OR, not AND: reader_id cannot be None and a role at once)
        for role in roles:
            accessible = accessible | (table.reader_id == role)
        query = deleted & accessible
    return query

def user_function(user, tablename, query):
    """ Example caller: narrow an existing query to the accessible records """
    table = db[tablename]
    available = shn_accessible_query(user, table)
    query = available & query
    return db(query).select()
}}}
       * Advantages:
         * Combines the deleted check into a single API call
         * Single JOIN for optimal DB performance
       * Disadvantage:
         * Can we deal with Multiple=True?
     * Option 2: Do the check in Python after the initial query has returned
       * Advantage: Allows us to process the Multiple=True field properly
       * Disadvantage: More records pulled from the DB than necessary
   * writer_id check: All Write access goes via S3XRC so can be checked there (we can also develop an API call for Manual DAL access?)
   * UI to manage the fields.
     * We expect relatively few groups per instance, so can use the checkboxes widget?
     * Have a single checkbox for 'Restrict access' which then opens out the 2 fields.
 * A Person's Subscriptions shouldn't be visible by default.
   * Admin or themselves is OK
     * This requires the default of adding 1 group per user!?
 * A Person's Contacts shouldn't be visible by default.
   * Authenticated is OK
     * This requires all authenticated users to be added to the 'Authenticated' group
 * An Admin should be able to restrict access to records to just those within a certain GIS location (e.g. Country or Region)
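As an added illustration of the record-level check done in Python (Option 2 above, plus the separate writer_id check), here is a stand-alone example; it is not Sahana Eden code. It assumes each record carries {{{reader_id}}} and {{{writer_id}}} values that are either None (unrestricted, the backward-compatible default) or a list of auth_group ids (the multiple=True reusable field), a boolean {{{deleted}}} flag, and that auth_group id 1 is the Admin role, as in shn_accessible_query. The membership and record rows are constructed sample data.

```python
"""Record-level authorization evaluated in Python after the query has returned.

Added example (not Eden's own code). Assumptions: reader_id / writer_id are
None or a list of auth_group ids, 'deleted' is a boolean, group 1 is Admin.
"""

ADMIN_GROUP_ID = 1  # assumption: first auth_group is Admin


def roles_for_user(memberships, user_id):
    """Collect the auth_group ids a user belongs to from auth_membership-style rows."""
    return {m["group_id"] for m in memberships if m["user_id"] == user_id}


def _permitted(restriction, roles):
    """True if a reader_id/writer_id value admits at least one of the roles.

    None means the record is unrestricted; a list means the user needs
    membership in at least one of the listed groups (multiple=True semantics).
    """
    if restriction is None:
        return True
    return bool(set(restriction) & set(roles))


def can_read(record, roles):
    """Deleted records are never visible; Admin sees everything else."""
    if record.get("deleted"):
        return False
    if ADMIN_GROUP_ID in roles:
        return True
    return _permitted(record["reader_id"], roles)


def can_write(record, roles):
    """Write access is a separate field: being a reader does not imply writer."""
    if record.get("deleted"):
        return False
    if ADMIN_GROUP_ID in roles:
        return True
    return _permitted(record["writer_id"], roles)


def accessible_records(records, roles):
    """Option 2: filter the rows the DB returned down to those the user may read."""
    return [r for r in records if can_read(r, roles)]


# Constructed sample data, modelled on auth_membership and a table with the two fields
MEMBERSHIPS = [
    {"user_id": 10, "group_id": 1},   # user 10 is Admin
    {"user_id": 20, "group_id": 2},   # user 20 is Authenticated only
    {"user_id": 30, "group_id": 2},
    {"user_id": 30, "group_id": 3},   # user 30 is also in group 3
]

RECORDS = [
    {"id": 1, "name": "public",      "reader_id": None,   "writer_id": None, "deleted": False},
    {"id": 2, "name": "group3 only", "reader_id": [3],    "writer_id": [3],  "deleted": False},
    {"id": 3, "name": "read 2 or 3", "reader_id": [2, 3], "writer_id": [3],  "deleted": False},
    {"id": 4, "name": "removed",     "reader_id": None,   "writer_id": None, "deleted": True},
]

if __name__ == "__main__":
    for uid in (10, 20, 30):
        roles = roles_for_user(MEMBERSHIPS, uid)
        visible = [r["id"] for r in accessible_records(RECORDS, roles)]
        writable = [r["id"] for r in RECORDS if can_write(r, roles)]
        print("user %d roles=%s read=%s write=%s" % (uid, sorted(roles), visible, writable))
```

The list-valued reader_id is the part a single SQL equality in Option 1 cannot express directly, which is why the intersection test lives in Python here; the cost is that every candidate row is fetched before filtering.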
----
BluePrintAuthenticationAccess

BluePrints