| | 1 | = BluePrint for Authorization (alternative version) = |
| | 2 | |
| | 3 | == General model == |
| | 4 | |
| | 5 | Authorization is implemented for: |
| | 6 | |
| | 7 | - module access |
| | 8 | - controller access |
| | 9 | - table access (create/read/update/delete and custom method) |
| | 10 | - record access (create/read/update/delete and custom method) |
| | 11 | |
| | 12 | Authorization policy is implemented as: |
| | 13 | |
| | 14 | - if a method is not restricted, then it is accessible for everyone |
| | 15 | - if a method is restricted, then access must be explicitly granted, otherwise access is declined (Allow=>Deny order) |
| | 16 | |
| | 17 | Permissions are assigned to roles (not to individual users): |
| | 18 | |
| | 19 | - roles are stored in auth_group |
| | 20 | - admin role is auth_group 1 (cannot be modified) |
| | 21 | - all methods on everything are allowed for members of the admin role |
| | 22 | - roles are assigned to users by auth_membership |
| | 23 | - roles can be created after deployment |
| | 24 | - roles of the actual user are re-read from the DB and stored in the session once per HTTP request |
| | 25 | |
| | 26 | There are two pseudo-roles for record access: |
| | 27 | |
| | 28 | - author (=the author of the record) |
| | 29 | - editor (=the last author of the record) |
| | 30 | |
| | 31 | == Methods == |
| | 32 | |
| | 33 | Denial of access: |
| | 34 | |
| | 35 | - a method '''shn_unauthorized()''' realizes error notification and redirection as appropriate |
| | 36 | - non-interactive modes: |
| | 37 | - raise a HTTP error and a JSON error message |
| | 38 | - DO NOT REDIRECT! |
| | 39 | - interactive modes, one of: |
| | 40 | - redirect (e.g. to login) and and display an error message on the target page (acceptable) |
| | 41 | - raise a HTTP error and display an error page, provide redirection options from the error page (more RESTful) |
| | 42 | - shn_unauthorized() takes an optional error message as argument |
| | 43 | |
| | 44 | Module/Controller access: |
| | 45 | |
| | 46 | - access can be restricted inside the controllers using: |
| | 47 | - '''shn_has_role(role_name)''' which refers to the current user |
| | 48 | - shn_has_role() tests can be combined by '''and''', '''or''' and '''not''' |
| | 49 | |
| | 50 | Table/Record access: |
| | 51 | |
| | 52 | - table/record access can be restricted by: |
| | 53 | - '''shn_permit(table, method, role, id=None)''' adds role to the list of permitted roles for method on table/record |
| | 54 | - '''shn_deny(table, method, role, id=None)''' removes role from the list of permitted roles for method on table/record |
| | 55 | - '''shn_restrict(table, method, role, id=None)''' replaces the list of permitted roles for method on table/record with [role] |
| | 56 | - table/record access permission is tested by: |
| | 57 | - '''shn_has_permission(table, method, id=None)''', which returns True/False refering to the current user |
| | 58 | |
| | 59 | - record restrictions override table permissions |
| | 60 | - table restrictions override record permissions |
| | 61 | |
