[kforge-dev] Re: access control
John Bywater
john.bywater at appropriatesoftwarefoundation.org
Sun Jan 29 23:24:23 UTC 2006
Additionally (I forgot to say) you can read all about the access control
system here:

Domain Layer:
- access control domain model object classes:
http://scm.kforge.net/svn/kforge/trunk/src/kforge/dom/accesscontrol.py
- access control domain model event listener:
http://scm.kforge.net/svn/kforge/trunk/src/kforge/plugin/accesscontrol.py
- access control domain model object initialisation (within
createProtectionObjects() and createGrants()):
http://scm.kforge.net/svn/kforge/trunk/src/kforge/command/initialise.py

Service Layer:
- commands to control access:
http://scm.kforge.net/svn/kforge/trunk/src/kforge/command/accesscontrol.py
- system and project access controllers (use above commands):
http://scm.kforge.net/svn/kforge/trunk/src/kforge/accesscontrol.py

Presentation Layer:
- kui base view access control (see authoriseActionObject(), etc.)
http://scm.kforge.net/svn/kforge/trunk/src/kforge/django/apps/kui/views/base.py
(uses above system access controller)
- concrete kui views (e.g. ProjectBaseView, see canUpdateProject(), etc.)
http://scm.kforge.net/svn/kforge/trunk/src/kforge/django/apps/kui/views/project.py
(uses above project access controller)
- project view mod_python authorisation handler (access control client):
http://scm.kforge.net/svn/kforge/trunk/src/kforge/apache/urlpermission.py

(add 'test' before .py to read the tests)

I would be only too happy to respond to any comments or questions. I
would be very surprised if there were a few things that needed some more
attention. I am fairly pleased with it though...

One thing is that we could try to get the mod_python handler to pick up
on a kui session cookie. Another may be writing a mod_python view
derived from the base kui view (or some extraction if necessary). This
would unify presentation layer access control and session management for
the 'admin' and 'project' view.

Best regards,
John.

John Bywater wrote:
> Hello All,
>
> Just to say that I've written a nice new access control system, which
> was a significant piece of work. In addition to the analysis below,
> there are personal grants and bars (so it's not simply a role-based
> access control system).
>
> I've also added the project and person undelete and purge commands.
>
> All 197 tests are passing....
>
> Best regards,
>
> John.
>
>
>
> John Bywater wrote:
>
>> [written to clarify my own understanding - I've been reworking the
>> code and I think I've worked it out :-)]
>>
>
> <snip>
>
>