[kforge-dev] Re: access control

John Bywater john.bywater at appropriatesoftwarefoundation.org
Sun Jan 29 23:24:23 UTC 2006

Additionally (I forgot to say) you read all about the access control 
system here:

Domain Layer:
- access control domain model object classes:

- access control domain model event listener:

- access control domain model object initialisation (within 
createProtectionObjects() and createGrants()):

Service Layer:
- commands to control access:

- system and project access controllers (use above commands):

Presentation Layer:
- kui  base view access control (see authoriseActionObject(), etc.)
(uses above system access controller)

- concrete kui views (eg. ProjectBaseView, see canUpdateProject(), etc.)
(uses above project access controller)

- project view mod_python authorisation handler (access control client):

(add 'test' before .py to read the tests)

I would be only too happy to repsond to any comments or questions. I 
would be very surprised if there were a few things that needed some more 
attention. I am fairly pleased with it though...

One thing is that we could try to get the mod_python handler to pick up 
on a kui session cookie. Another may be writing a mod_python view 
derived from the base kui view (or some extraction if necessary). This 
would unify presentation layer access control and session management for 
the 'admin' and 'project' view.

Best regards,


John Bywater wrote:

> Hello All,
> Just to say that I've written a nice new access control system, which 
> was a significant piece of work. In addition to the analysis below, 
> there are personal grants and bars (so it's not simply a role-based 
> access control system).
> I've also added the project and person undelete and purge commands.
> All 197 tests are passing....
> Best regards,
> John.
> John Bywater wrote:
>> [written to clarify my own understanding - I've been reworking the 
>> code and I think I've worked it out :-)]
> <snip>

More information about the kforge-dev mailing list