Changes between Version 60 and Version 61 of BluePrintAuthorization


Ignore:
Timestamp:
06/19/10 22:28:45 (11 years ago)
Author:
Fran Boon
Comment:

Store roles in session

Legend:

Unmodified
Added
Removed
Modified
  • BluePrintAuthorization

    v60 v61  
    11= !BluePrint for Authorization =
     2== Roles ==
     3Roles are stored in the {{auth_group}}.
     4
     5These have no links to the groups in {{{pr_group}}}.
     6
     7We are currently adopting a simplistic 3-tier approach of Person -> Role -> Permissions.
     8
     9We consider that the 4-tier approach of Person -> Group -> Role -> Permissions is unnecessarily complex for users, despite giving strong flexibility & the potential for advanced admins to move persons into roles in bulk & including future members of the group.
     10
     11Roles for the currently logged-in user are cached in the session for easy access throughout Model, Controllers & Views.
     12In {{{models/00_utils.py}}}:
     13{{{
     14def shn_sessions():
     15    ...
     16    roles = []
     17    try:
     18        user_id = auth.user.id
     19        _memberships = db.auth_membership
     20        memberships = db(_memberships.user_id == user_id).select(_memberships.group_id, cache=(cache.ram, 60)) # 60s cache
     21        for membership in memberships:
     22            roles.append(membership.group_id)
     23    except:
     24        # User not authenticated therefore has no roles other than '0'
     25        pass
     26    session.s3.roles = roles
     27}}}
    228== Restrictions ==
    329=== Module restriction ===