= !BluePrint for Authorization = == User Stories == * A Developer needs to be able to restrict access to a Module * ~~s3.modules in {{{01_modules.py}}}~~ * Add Controller check as well as menu check. * Configure permissions in {{{000_config.py}}} instead of {{{01_modules.py}}}? * A Developer needs to be able to restrict access to a Function * Decorator function - although it doesn't support OR (we could easily write our own function to do this, though) * A Developer needs to be able to restrict access to a resource * REST controller can be blocked via a Decorator * Full security policy can be invoked, but this is painful/untested within S3 recently * We could check for what other functions can access data? Sync. Hard to maintain though. * Need a new method. Do all accesses go via S3XRC? If not, then needs to be a DAL-level method! Use the Web2Py 'full' for tables but not records? * A Developer needs to be able to restrict access to a record * Add 2 reusable multiple=True fields to each table which needs this: {{{reader_id}}} & {{{writer_id}}} combined as {{{permissions_id}}} * Full backward compatibility since they default to None * reader_id check as a new API function * combine with the deleted==True check? * makes it easier to then replace that check with an 'inactive' field which is a date instead of a boolean, so that records can be set to expire (as well as giving us easy access to know when a record was deleted) * Option 1: Do the check alongside deleted as part of a big JOIN {{{ def shn_accessible_query(user, table): """ Modified version of current function from models/01_crud.py """ deleted = (table.deleted == None) _memberships = db.auth_membership memberships = db(_memberships.user_id == user).select(_memberships.group_id) roles = [] for membership in memberships: roles.append(membership.group_id) if 1 in roles: # Admins see all data query = deleted else: # Fields with no restriction accessible = (table.reader_id == None) for role in roles: #accessible = accessible & (table.reader_id == str(role)) & (table.reader_id.like('%d|%' % role)) & (table.reader_id.like('%|%d|%' % role)) & (table.reader_id.like('%|%d' % role)) accessible = accessible & (table.reader_id.like('%|%d|%' % role)) query = deleted & accessible return query def user_function: table = db[tablename] available = shn_accessible_query(user, table) query = available & query }}} * Advantages: * Combines the deleted into single API call * Single JOIN for optimal DB performance (Assumption needs testing) * Option 2: Do the check in Python after the initial query has returned * Advantage: Might have better performance than complex DB string? * Disadvantage: More records pulled from DB than necessary * writer_id check: All Write access goes via S3XRC so can be checked there (we can also develop an API call for Manual DAL access?) * UI to manage the fields. * We expect relatively few groups per instance, so can use the checkboxes widget? * Have a single checkbox for 'Restrict access' which then opens out the 2 fields. === Specific Examples === * A Person's Contacts shouldn't be visible by default. * Authenticated is OK * Simply add the Authenticated group (2) to the table (or records in the table?) * ~~This requires all authenticated users to be added to the 'Authenticated' group~~ * A Person's Subscriptions shouldn't be visible by default. * Admin or themselves is OK * This requires the default of adding 1 group per user!? * An Admin should be able to restrict access to records to just those within a certain GIS location (e.g. Country or Region) * If access to a record is restricted then access to messages relating to that record should also be restricted * unless routed somewhere visible as well! * onaccept on message routing (tagging) to check if the only tags are on restricted resources...if they are then restrict the message too. ---- BluePrintAuthenticationAccess BluePrints