Changes between Version 12 and Version 13 of BluePrintAuthorization
- Timestamp: 06/18/10 21:04:35 (15 years ago)
BluePrintAuthorization
v12 v13 16 16 17 17 deployment_settings_modules = Storage( 18 name = "gis", 19 name_nice = "Mapping", 20 description = "Situation Awareness & Geospatial Analysis", 21 readable = None, # All Users (inc Anonymous) can see this module in the default menu & access the controller 22 writable = None, # All Authenticated users can edit resources which aren't specially protected 23 module_type = 2, # Used to locate the module in the default menu 24 resource_readable = Storage( 25 apikey = 1, # This resource is only visible to Administrators 26 ) 27 resource_writable = Storage( 28 layer_js = deployment_settings.auth.roles["AdvancedJS"], # This resource requires the 'AdvancedJS' role to edit (or admin) 29 ) 18 gis = Storage( 19 name_nice = "Mapping", 20 description = "Situation Awareness & Geospatial Analysis", 21 readable = None, # All Users (inc Anonymous) can see this module in the default menu & access the controller 22 writable = None, # All Authenticated users can edit resources which aren't specially protected 23 module_type = 2, # Used to locate the module in the default menu 24 resource_readable = Storage( 25 apikey = 1, # This resource is only visible to Administrators 26 ) 27 resource_writable = Storage( 28 layer_js = deployment_settings.auth.roles["AdvancedJS"], # This resource requires the 'AdvancedJS' role to edit (or admin) 29 ) 30 ), 31 ... 30 32 ) 31 33 }}} 34 32 35 * A Developer needs to be able to restrict access to a Function 33 36 * ~~Decorator function : @auth.requires_membership("Administrator")~~ 34 37 * doesn't support OR (we could easily write our own function to do this, though) 38 35 39 * A Developer needs to be able to restrict access to a resource 36 40 * REST controller can be blocked via a Decorator … … 38 42 * We could check for what other functions can access data? Sync. Hard to maintain though. 39 43 * Need a new method: open by default & restricted manually 40 * Do all accesses go via S3XRC? 
If not, then needs to be a DAL-level method!44 * Needs to be a DAL-level method since not all accesses go via S3XRC. 41 45 * Use an {{{auth_permission}}} table similar to Web2Py 'full' for tables? 42 * Set within {{{000_config.py))), along with module permisisons? 46 * Set within {{{000_config.py))), along with module permissions? 47 43 48 * A Developer needs to be able to restrict access to a record 44 49 * Add 2 reusable {{{multiple=True}}} fields to each table which needs this: {{{reader_id}}} & {{{writer_id}}} combined as {{{permissions_id}}}
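Review bot: In the new `gis = Storage(` block (new lines 24-27) there is no comma between the `)` that closes `resource_readable = Storage(` and the following `resource_writable = Storage(`, so the example is not valid Python as written; add a `,` after the closing parenthesis on new line 26. Separately, `apikey = 1` hard-codes the Administrator role as a bare number while `layer_js` looks its role up through `deployment_settings.auth.roles["AdvancedJS"]`; using the same lookup for both would keep the example consistent and avoid depending on a role id. Since `readable = None` is documented here as opening the controller to anonymous users, it would also help to state what applies to a resource that is listed in neither `resource_readable` nor `resource_writable`.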
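Review bot: On new line 46 the inline code span opens with `{{{` but closes with `)))` (`{{{000_config.py)))`), so the spelling fix to "permissions" still leaves the wiki markup unbalanced; change it to `{{{000_config.py}}}`. The rewritten line 44 also turns the earlier open question about S3XRC into a flat statement that not all accesses go through it; naming the paths that bypass S3XRC (line 42 mentions Sync) would let a reader check that claim and see exactly what the DAL-level method has to cover under the "open by default & restricted manually" approach.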