Changes between Version 10 and Version 11 of BluePrintAuthorization


Timestamp:
06/18/10 20:53:43 (14 years ago)
Author:
Fran Boon

  • BluePrintAuthorization

    v10 v11  
    3131}}}
    3232 * A Developer needs to be able to restrict access to a Function
    33   * Decorator function - although it doesn't support OR (we could easily write our own function to do this, though)
     33  * ~~Decorator function : @auth.requires_membership("Administrator")~~
     34   * doesn't support OR (we could easily write our own function to do this, though)
    3435 * A Developer needs to be able to restrict access to a resource
    3536  * REST controller can be blocked via a Decorator
    36   * Full security policy can be invoked, but this is painful (based on protected by default & granted, whereas we want open by default & restricted)/untested within S3 recently
     37  * Full security policy can be invoked, but this is painful (based on protected by default & granted manually) & untested within S3 recently
    3738  * We could check for what other functions can access data? Sync. Hard to maintain though.
    38   * Need a new method. Do all accesses go via S3XRC? If not, then needs to be a DAL-level method! Use an auth_permission table like Web2Py 'full' for tables? Set within 000_config.py, along with modules?
     39  * Need a new method: open by default & restricted manually
     40   * Do all accesses go via S3XRC? If not, then needs to be a DAL-level method!
     41   * Use an {{{auth_permission}}} table similar to Web2Py 'full' for tables?
     42   * Set within {{{000_config.py))), along with module permisisons?
    3943 * A Developer needs to be able to restrict access to a record
    40   * Add 2 reusable multiple=True fields to each table which needs this: {{{reader_id}}} & {{{writer_id}}} combined as {{{permissions_id}}}
     44  * Add 2 reusable {{{multiple=True}}} fields to each table which needs this: {{{reader_id}}} & {{{writer_id}}} combined as {{{permissions_id}}}
    4145   * Full backward compatibility since they default to None
    42   * reader_id check as a new API function
    43    * combine with the deleted==True check?
     46  * reader_id checked with a new API function
     47   * combine with the {{{deleted==True}}} check?
    4448    * makes it easier to then replace that check with an 'inactive' field which is a date instead of a boolean, so that records can be set to expire (as well as giving us easy access to know when a record was deleted)
    4549   * Option 1: Do the check alongside deleted as part of a big JOIN
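Review bot: The added bullet "Set within {{{000_config.py))), along with module permisisons?" closes the inline-code markup with `)))` instead of `}}}`, so Trac will treat everything after `{{{000_config.py` as an unterminated code span and the following bullets will not render as list items; it also misspells "permissions". Suggest `* Set within {{{000_config.py}}}, along with module permissions?`.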