Changes between Version 7 and Version 8 of S3/S3AAA


Timestamp: 01/17/11 09:39:57
Author: Dominic König
  • S3/S3AAA

    v7 v8  
    1818  ||Admin controllers||controllers/admin.py||User Management, role management||
    1919
     20== Authentication ==
     21
     22=== Current user ===
     23
     24=== Interactive Login ===
     25
     26=== HTTP Simple Authentication ===
     27
    2028== Roles ==
    2129
     30Access permissions are granted to roles, i.e. to get a particular permission the user must be assigned a role with this permission.
     31
     32Roles are defined in the {{{auth_group}}} table. This table is defined by the {{{AuthS3}}} module in {{{modules/s3/s3aaa.py}}}. Each role as an ID, a unique name and can have a description.
     33
     34At the start of every request, the IDs of all roles of the currently logged-in user are stored as list in {{{session.s3.roles}}} (in {{{models/00_utils.py}}}. In cases where the user is logged-in during the request (e.g. by HTTP simple auth), a refresh of this list is also triggered by the {{{login_bare()}}} method of {{{AuthS3}}}.
     35
     36Roles can be managed in the {{{S3RoleManager}}} interface (Administration => User Management => Roles).
     37
    2238== ACLs ==
     39
     40Access Control Lists (ACLs) are bit arrays with each bit representing a permissions to access data with a particular method:
     41
     42  ||'''Bit'''||'''Value'''||'''Permission'''||
     43  ||auth.permission.CREATE||0x0001||may create new records||
     44  ||auth.permission.READ||0x0002||may read or list records||
     45  ||auth.permission.UPDATE||0x0004||may update existing records||
     46  ||auth.permission.DELETE||0x0008||may delete records||
     47
     48ACLs are combinations of these bits (by logical OR), e.g. an ACL with the value 0x0006 defines permissions to read and update records, while no permission to add or to delete any records.
     49
     50ACLs are stored per role and request destination in the {{{s3_permission}}} table, which is defined by the {{{S3Permission}}} class (in {{{modules/s3/s3aaa.py}}}).
    2351
    2452=== Record Ownership ===
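Review bot: the new Roles and ACLs text has three small defects that should be fixed before this version is used as reference documentation: "Each role as an ID, a unique name" should read "Each role has an ID, a unique name"; the parenthesis opened in "(in {{{models/00_utils.py}}}." is never closed; and "each bit representing a permissions to access data" should be "a permission". The bit table itself is consistent with the example that follows it (0x0006 is READ 0x0002 OR UPDATE 0x0004, with CREATE and DELETE clear), so no change is needed there.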
     
    3664== Data Access Logging (Audit) ==
    3765
    38 == Authentication ==
    39 
    40 === Interactive Login ===
    41 
    42 === HTTP Simple Authentication ===
    43 
    4466----
    4567[wiki:DeveloperGuidelinesS3Framework]
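Review bot: the Authentication headings removed here (Interactive Login, HTTP Simple Authentication) reappear above Roles with a new Current user subsection, but in their new position they are still bare headings with no body text; either add a one-line description under each (for example which AuthS3 method handles the login and that it triggers the session.s3.roles refresh via login_bare(), as the Roles paragraph already states), or mark the section as a stub so readers do not take the empty headings for finished documentation.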