CKAN: Ticket #114: Access Control - model http://localhost/ticket/114 <p> Create in the model basic operation of Access Control. </p> <p> roles table </p> <p> name | context | action </p> <hr /> <p> admin| package | edit admin| package | edit-permissions admin| package | read editor| package | update editor| package | read reader| package | read This data is set-up on db init and will have no interface. </p> <p> user-roles table: </p> <p> username | context_type | objectid | role rgrp | system | n/a | admin visitor | package | * | reader bob | package | geonames | admin visitor | package | geonames | editor visitor | package | geonames | reader john | group | ukgov | admin dread | group | ukgov | editor visitor | group | ukgov | reader This data will be added when someone is given permissions for the system, a package or a group. </p> <p> Pseudo code: </p> <p> class Package </p> <blockquote> <p> def is_allowed(name, action): </p> <blockquote> <p> is_allowed(name, action, context=self) </p> </blockquote> </blockquote> <p> class Group </p> <blockquote> <p> def is_allowed(name, action): </p> <blockquote> <p> is_allowed(name, action, context=self) </p> </blockquote> </blockquote> <p> def is_allowed(name, action, context=None): <strong> name: string - a username or IP for 'visitor' </strong></p> <blockquote> <p> action: string - 'read', 'edit', 'delete', 'edit-permissions' context: object - a Group or a Package or None (which means system) </strong></p> </blockquote> <p> <strong> </p> <blockquote> <p> # look up user from name. # look up in user-roles table what roles this user has for this context. # for each roles, look up in roles table what actions are allowed. # return True if action is allowed, else False. </p> </blockquote> en-us CKAN http://assets.okfn.org/p/ckan/img/ckan_logo_shortname.png http://localhost/ticket/114 Trac 0.12.3 dread Thu, 10 Sep 2009 08:21:37 GMT description changed http://localhost/ticket/114#comment:1 http://localhost/ticket/114#comment:1 <ul> <li><strong>description</strong> modified (<a href="/ticket/114?action=diff&amp;version=1">diff</a>) </li> </ul> Ticket dread Tue, 15 Sep 2009 17:08:49 GMT status changed; resolution set http://localhost/ticket/114#comment:2 http://localhost/ticket/114#comment:2 <ul> <li><strong>status</strong> changed from <em>new</em> to <em>closed</em> </li> <li><strong>resolution</strong> set to <em>fixed</em> </li> </ul> <p> Done in cset:895ae4371377. Remaining problem in WUI for revision purging. Have not implemented functionality to cope with blank objectid in user-roles table. Adding group access control will be in future ticket. </p> Ticket