| Version 1 (modified by , 14 years ago) ( diff ) |
|---|
BluePrint for Authorization
User Stories
- A Developer needs to be able to restrict access to a Module
- done: s3.modules (Add Controller check as well as menu check. Configure permissions in 000_config.py?)
- A Developer needs to be able to restrict access to a Function
- Decorator function - although it doesn't support OR (we could easily write our own function to do this, though)
- A Developer needs to be able to restrict access to a resource
- REST controller can be blocked via a Decorator
- Full security policy can be invoked, but this is painful/untested within S3 recently
- We could check for what other functions can access data? Sync. Hard to maintain though.
- Need a new method. Do all accesses go via S3XRC? If not, then needs to be a DAL-level method! Use the Web2Py 'full' for tables but not records?
- A Developer needs to be able to restrict access to a record
- Add 2 reusable multiple=True fields to each table which needs this:
reader_id&writer_idcombined aspermissions_id- Full backward compatibility since they default to None
- reader_id check as a new API function
- combine with the deleted==True check?
- makes it easier to then replace that check with an 'inactive' field which is a date instead of a boolean, so that records can be set to expire (as well as giving us easy access to know when a record was deleted)
- Option 1: Do the check alongside deleted as part of a big JOIN
def shn_accessible_query(user, table): """ Modified version of current function from models/01_crud.py """ deleted = (table.deleted == None) _memberships = db.auth_membership memberships = db(_memberships.user_id == user).select(_memberships.group_id) roles = [] for membership in memberships: roles.append(membership.group_id) if 1 in roles: # Admins see all data query = deleted else: # Fields with no restriction accessible = (table.reader_id == None) for role in roles: accessible = accessible & (table.reader_id == role) query = deleted & accessible return query def user_function: table = db[tablename] available = shn_accessible_query(user, table) query = available & query- Advantages:
- Combines the deleted into single API call
- Single JOIN for optimal DB performance
- Disadvantage:
- Can we deal with Multiple=True?
- Advantages:
- Option 2: Do the check in Python after the initial query has returned
- Advantage: Allows us to process the Multiple=True field properly
- Disadvantage: More records pulled from DB than necessary
- combine with the deleted==True check?
- writer_id check: All Write access goes via S3XRC so can be checked there (we can also develop an API call for Manual DAL access?)
- UI to manage the fields.
- We expect relatively few groups per instance, so can use the checkboxes widget?
- Have a single checkbox for 'Restrict access' which then opens out the 2 fields.
- Add 2 reusable multiple=True fields to each table which needs this:
- A Person's Subscriptions shouldn't be visible by default.
- Admin or themselves is OK
- This requires the default of adding 1 group per user!?
- Admin or themselves is OK
- A Person's Contacts shouldn't be visible by default.
- Authenticated is OK
- This requires all authenticated users to be added to the 'Authenticated' group
- Authenticated is OK
- An Admin should be able to restrict access to records to just those within a certain GIS location (e.g. Country or Region)
Note:
See TracWiki
for help on using the wiki.
