Changes between Version 309 and Version 310 of Event/2011/GCI


Ignore:
Timestamp:
01/15/12 10:47:05 (10 years ago)
Author:
Pat Tressel
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • Event/2011/GCI

    v309 v310  
    232232See http://logs.sahanafoundation.org/sahana-eden/2012-01-15.txt starting at about 08:12:16.
    233233A few notes:
    234  * This requires installing your own copy of Sahana Eden, since the version running at demo.eden.sahanafoundation.org has security set to the lowest level. When you have Eden installed and have copied the configuration file deployment-templates/models/000_config.py to models/000_config.py, edit your copy of models/000_config.py. Search for and un-comment the line that says "deployment_settings.security.policy = 6". That will set the security level to a high level.
     234 * This requires installing your own copy of Sahana Eden, since the version running at demo.eden.sahanafoundation.org has security set to the lowest level. When you have Eden installed and have copied the configuration file deployment-templates/models/000_config.py to models/000_config.py, edit your copy of models/000_config.py. Search for and un-comment the line (i.e. remove the # that's in front) that says "deployment_settings.security.policy = 6", and change the 6 to 7. That will set the security level to a high level.
    235235 * How security works is described here: http://eden.sahanafoundation.org/wiki/S3AAA
    236236  * Most access restrictions are handled through "access control lists" (ACLs) on modules, database tables, and fields. Anything handled this was does not need explicit tests in the controller code, but you may still find some explicit tests for authorization in the module's controller file or in its model file.
     237  * The code that handles access is in: modules/s3/s3aaa.py
     238  * Code that sets the default values for ACLs is in: models/zzz_1st_roles.py
    237239 * Appropriate modules to work on are those with multiple tables (and thus multiple forms) and where some data is restricted to particular "roles". Some suggested modules are: hms, hsm, org, asset, supply.
    238240 * You'll need to both read the code, to see what roles have permission to do various operations, and try out the various form operations: reading, creating, and editing records.