Changes between Version 309 and Version 310 of Event/2011/GCI
- Timestamp: 01/15/12 10:47:05 (13 years ago)
Event/2011/GCI
v309 v310 232 232 See http://logs.sahanafoundation.org/sahana-eden/2012-01-15.txt starting at about 08:12:16. 233 233 A few notes: 234 * This requires installing your own copy of Sahana Eden, since the version running at demo.eden.sahanafoundation.org has security set to the lowest level. When you have Eden installed and have copied the configuration file deployment-templates/models/000_config.py to models/000_config.py, edit your copy of models/000_config.py. Search for and un-comment the line that says "deployment_settings.security.policy = 6". That will set the security level to a high level.234 * This requires installing your own copy of Sahana Eden, since the version running at demo.eden.sahanafoundation.org has security set to the lowest level. When you have Eden installed and have copied the configuration file deployment-templates/models/000_config.py to models/000_config.py, edit your copy of models/000_config.py. Search for and un-comment the line (i.e. remove the # that's in front) that says "deployment_settings.security.policy = 6", and change the 6 to 7. That will set the security level to a high level. 235 235 * How security works is described here: http://eden.sahanafoundation.org/wiki/S3AAA 236 236 * Most access restrictions are handled through "access control lists" (ACLs) on modules, database tables, and fields. Anything handled this was does not need explicit tests in the controller code, but you may still find some explicit tests for authorization in the module's controller file or in its model file. 237 * The code that handles access is in: modules/s3/s3aaa.py 238 * Code that sets the default values for ACLs is in: models/zzz_1st_roles.py 237 239 * Appropriate modules to work on are those with multiple tables (and thus multiple forms) and where some data is restricted to particular "roles". Some suggested modules are: hms, hsm, org, asset, supply. 
238 240 * You'll need to both read the code, to see what roles have permission to do various operations, and try out the various form operations: reading, creating, and editing records.
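Review bot: In the revised line 234, the reader is told to find "deployment_settings.security.policy = 6" and change the 6 to 7, but the result is still described only as "a high level", so nothing says why 7 is needed rather than the 6 the previous version asked for. Consider showing the line as it should read after editing ("deployment_settings.security.policy = 7") and stating in a few words what policy 7 enforces, or pointing to the S3AAA page linked on line 235 for the policy levels, since the whole task depends on ACL checks actually being active. Two smaller points in the surrounding context that could be fixed in the same edit: line 236 reads "handled this was", which should be "handled this way", and the module list on line 239 contains both "hms" and "hsm", which is worth checking in case one is a transposition of another module name. The two added lines (237 and 238) naming modules/s3/s3aaa.py and models/zzz_1st_roles.py would be easier to use if each said in a few words what to look for there, for example where the default ACLs for each role are defined.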