Changes between Version 5 and Version 6 of AccessControl


Timestamp:
02/18/10 10:53:27 (4 years ago)
Author:
dread
Comment:

Added summary at top

  • AccessControl

    v5 v6  
    22 
    33[[PageOutline]] 
     4 
     5== Summary of Design == 
     6 
     7=== user-role table === 
     8 
     9Each package or group has a list of users and their roles. These are set from the 'authorization' tab of a package/group (assuming you are an 'admin' for the particular package/group). 
     10 
     11Example 1: Package 'paper-industry-stats': 
     12          * David Brent is 'admin' 
     13          * Gareth Keenan is 'editor' 
     14          * Logged-in is 'editor' (This is a special user, meaning 'anyone who is logged in') 
     15          * Visitor is 'editor' (Another special user, meaning 'anyone') 
     16 
     17Example 2: The current default for new packages is: 
     18          * the user who creates it is an 'admin' 
     19          * Visitor and Logged-in are both an 'editor' (these are special users 
     20 
     21=== role-action table === 
     22 
     23Each role has a list of action priviledges for a package or group. 
     24 
     25Currently: 
     26 * An 'admin' can do anything (includes package/group deletion & changing user roles) 
     27 * An 'editor' can edit or read 
     28 * A 'reader' can read 
     29 
     30 
     31---- 
     32 
     33 
     34== Design Notes == 
    435 
    536When a new package is created you as the creator automatically become admin for it and you can assign which other users have write or read access. NB: by default any user (including someone who is not-logged-in) will be able to read and write. 
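
Review bot: Example 2 at new line 19 ends in an unclosed parenthesis, "(these are special users", so the summary cuts off exactly where it should say what the default means. Close it and state the consequence the way line 36 does: with Visitor as 'editor', anyone, including someone who is not logged in, can edit a new package. Also at new line 23, "priviledges" should be "privileges".
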
     
    738There are "system" level admins for CKAN who may alter permissions on any package. 
    839 
    9 == Use Cases == 
     40=== Use Cases === 
    1041 
    1142  * A user means someone who is logged in. 
     
    427316: Try to edit over REST interface a package for which 'visitor' has Editor role, but no API is supplied. Not allowed. 
    4374 
    44 == Optional == 
     75=== Optional === 
    4576 
    4677  * Support for access-related groups 
     
    4879 
    4980 
    50 == Implementation == 
     81=== Implementation === 
    5182 
    5283{{{ 
     
    76107  * update assignment of system level role 
    77108 
    78 === Determining permissions === 
     109==== Determining permissions ==== 
    79110 
    80111{{{ 
     
    102133}}} 
    103134 
    104 === Initializing Permissions for a Package === 
     135==== Initializing Permissions for a Package ==== 
    105136 
    106137 when we create a package: visitor is given reader and editor roles automatically (ditto for user) 
    107138 
    108 === DB Sketch === 
     139==== DB Sketch ==== 
    109140 
    110141{{{ 
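
Review bot: The unchanged line 137, "visitor is given reader and editor roles automatically (ditto for user)", now disagrees in wording with the summary this change adds at lines 17-19, which lists Visitor and Logged-in as 'editor' only and names the second special user "Logged-in" rather than "user". Since the summary says an 'editor' can edit or read, consider aligning line 137 with it so that a reader checking the default permissions of a new package finds a single statement of them.
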
     
    127158editor| package | read 
    128159 
    129 user-role-table 
     160user-role table 
    130161 
    131162username.id | context | objectid    | role