Changes between Version 29 and Version 30 of S3/S3AAA


Timestamp:
01/18/11 00:26:11 (14 years ago)
Author:
Dominic König
Comment:

--

  • S3/S3AAA

    v29 v30  
    131131== Implementation of Access Control ==
    132132
     133Permission checking is always a two-step process:
     134
     135  1. Check permission to access the controller/function
     136  2. Check permission to access the database table
     137
     138The first step is done at a central point, in {{{00_utils.py}}} before the models are loaded. If the ACLs, as defined for the current user, do not specify any permission for the target controller/function, then the request gets rejected before any models are loaded or the controller is entered.
     139
     140The second step has to be implemented in the respective controller functions. This can be done in two ways:
     141
     142  - the controller uses s3_rest_controller() with S3CRUD, or,
     143  - the controller uses auth.s3_has_permission() and/or auth.s3_accessible_query() to check permissions before exposing any data to the user
     144
    133145=== s3_has_permission ===
    134146
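
Review bot: In added line 138, "do not specify any permission for the target controller/function" leaves open whether step 1 also rejects a request when the ACLs grant some permission but not the one the request needs; state which case is covered at this step. In added lines 140-143, the table-level check depends on each controller either using s3_rest_controller() with S3CRUD or calling auth.s3_has_permission() and/or auth.s3_accessible_query() itself, so the text should say explicitly that a controller doing neither performs no second check, and the second bullet should be worded to cover modifying data as well as "exposing any data to the user".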