[[TOC]] = !BluePrint for Authorization (alternative version) = == General model == Authorization is implemented for the following methods: - module access - controller access - table access (create/read/update/delete and custom method) - record access (create/read/update/delete and custom method) Authorization policy is implemented as: - if a method is not restricted, then it is accessible for everyone - if a method is restricted, then permission must be explicitly granted, otherwise it is denied (Allow=>Deny order) Permissions are assigned to roles (not to individual users): - roles are stored in '''auth_group''' - '''admin''' role is auth_group 1 (cannot be modified) - membership in the admin role overrides any restrictions everywhere - roles are assigned to users by '''auth_membership''' - this can happen either through admin UI or implicitly (no admin interaction) - it must be possible to log this - additional roles can be created after deployment - this will usually happen implicitly, i.e. not through admin UI - does not require a generic UI solution - roles of the actual user are re-read from the DB and stored in the session once per HTTP request - caching of this re-reading needs a proper method for cache invalidation on update notification - do not implement caching unless it really makes us performance problems There are two pseudo-roles for record access: - author (=the author of the record) - editor (=the last author of the record) == Methods == Denial of access: - a method '''shn_unauthorized()''' realizes error notification and redirection as appropriate - non-interactive modes: - raise a HTTP error and a JSON error message - DO NOT REDIRECT! - interactive modes, one of: - redirect (e.g. to login) and and display an error message on the target page (acceptable) - raise a HTTP error and display an error page, provide redirection options from the error page (more RESTful) - shn_unauthorized() takes an optional error message as argument Module/Controller access: - access can be restricted inside the controllers using: - '''shn_has_role(role_name)''' which refers to the current user - shn_has_role() tests can be combined by '''and''', '''or''' and '''not''' Table/Record access: - table/record access can be restricted by: - '''shn_permit(table, method, role, id=None)''' adds role to the list of permitted roles for method on table/record - '''shn_deny(table, method, role, id=None)''' removes role from the list of permitted roles for method on table/record - '''shn_restrict(table, method, role, id=None)''' replaces the list of permitted roles for method on table/record with [role] - table/record access permission is tested by: - '''shn_permitted(table, method, id=None)''', which returns True/False refering to the current user - record restrictions override table permissions - table restrictions override record permissions ---- BluePrints