| 1 | = Access control = |
| 2 | |
| 3 | [[PageOutline]] |
| 4 | |
| 5 | == Use Cases == |
| 6 | |
* A user is someone who is logged in.
* A visitor is someone who is not logged in.
* An entity is the subject of a permission (either a user or a pseudo-user).
| 10 | |
| 11 | 1. A visitor visits a package page and reads the content |
| 12 | |
| 13 | 2. A visitor visits a package page and edits the package |
| 14 | |
| 15 | 3+4: Ditto for a user |
| 16 | |
5. On package creation, if the creator is a user (not a visitor), that user is made the package's 'admin'
| 18 | |
| 19 | 6. An admin of a package adds a user as an admin |
| 20 | |
| 21 | 7. An admin of a package removes a user as an admin |
| 22 | |
| 23 | 8. Ditto for admin re. editor |
| 24 | |
| 25 | 9. Ditto for admin re. reader |
| 26 | |
10. We wish to be able to assign roles to two specific entire groups in addition to specific users: 'visitor' and 'users'. These will be termed pseudo-users, as we do not have AC 'groups' as such.
| 28 | |
11. The sysadmin alters the assignment of entities to roles for any package
| 30 | |
| 31 | 12. A visitor goes to a package where the editor role does not include 'visitor' pseudo-user. They are unable to edit the package. |
| 32 | |
| 33 | 13. Ditto for user where users pseudo-user does not have editor role and user is not an editor for the package |
| 34 | |
| 35 | 14+15: Ditto for above re reader role ... |
| 36 | |
| 37 | |
| 38 | == Optional == |
| 39 | |
| 40 | * Support for access-related groups |
| 41 | * Support for blacklisting |
| 42 | |
| 43 | |
| 44 | == Implementation == |
| 45 | |
| 46 | {{{ |
| 47 | Context |
| 48 | Entity ----> Roleckage | role | group |
| 49 | --------------------------- |
| 50 | xyz | admin | admin |
| 51 | xyz | edit | anonymous |
| 52 | xyz | read | anonmyous |
| 53 | xyz | purge | editor |
| 54 | |
| 55 | |
| 56 | Context |
| 57 | Role ----> Action/Permission/Capability (on an Object e.g. a Package) |
| 58 | }}} |
| 59 | |
| 60 | |
| 61 | Package level: |
| 62 | |
* Package Roles: admin, editor, reader
* Entities: individual users (identified by e-mail address) and the pseudo-users 'visitor' and 'users'
| 71 | * Assignment of entities to roles in a given context (the package) |
| 72 | * Roles give permissions (in a given context) |
| 73 | * admin -> update assignment to roles, delete package, plus editor |
| 74 | * editor -> update package plus reader |
| 75 | * reader -> read package |
| 76 | |
| 77 | System level permissions: |
| 84 | |
| 85 | * Roles:?? |
| 86 | * create package |
| 87 | * update assignment of system level role |
| 88 | |
| 89 | === Determining permissions === |
| 90 | |
| 91 | {{{ |
| 92 | def is_allowed(name, action, context=None): |
| 93 | user = locate_user(name) |
| 94 | if not user: |
| 95 | # they are a visitor ... |
| 96 | |
| 97 | if context is None: |
| 98 | context = 'system' |
| 99 | contextroles = locate_roles(user, context) |
| 100 | if context != 'system': |
| 101 | sysrole = |
| 102 | if sysrole = 'sysadmin': |
| 103 | # can do anything ... |
| 104 | return True |
| 105 | for role in contextroles:ckage | role | group |
| 106 | --------------------------- |
| 107 | xyz | admin | admin |
| 108 | xyz | edit | anonymous |
| 109 | xyz | read | anonmyous |
| 110 | xyz | purge | editor |
| 111 | |
| 112 | # assuming 'ORing' of permissions |
| 113 | if role.is_allowed(action) |
| 114 | return True |
| 115 | if visitor: |
| 116 | visitor_role = locate_roles(visitor, context) |
| 117 | # check again |
| 118 | return False |
| 119 | }}} |
| 126 | |
| 127 | === Initializing Permissions for a Package === |
| 128 | |
When a package is created, the 'visitor' pseudo-user is given the reader and editor roles automatically (and likewise the 'users' pseudo-user); if the creator is a logged-in user, they are made the package admin (use case 5).
| 130 | |
| 131 | === DB Sketch === |
| 132 | |
| 133 | {{{ |
| 134 | role-table |
| 135 | |
| 136 | name | context | action |
| 137 | admin| package | update |
| 138 | admin| package | update-permissions |
| 139 | admin| package | read |
| 140 | editor| package | update |
| 141 | editor| package | read |
| 142 | |
| 143 | user-role-table |
| 144 | |
| 145 | username | context_type | objectid | role |
| 146 | xyz | package | geonames | admin |
| 147 | rgrp | system | | admin |
| 148 | visitor | package | | reader |
| 149 | visitor | package | geonames | editor |
| 150 | visitor | package | geonames | reader |
| 151 | |
| 152 | }}} |