[kforge-dev] Re: access control

John Bywater john.bywater at appropriatesoftwarefoundation.org
Mon Jan 30 00:01:29 UTC 2006 

obviously that was: you >can< read about the system....

;-)

J.

John Bywater wrote:

> Additionally (I forgot to say) you read all about the access control 
> system here:
>
> Domain Layer:
> - access control domain model object classes:
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/dom/accesscontrol.py
>
> - access control domain model event listener:
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/plugin/accesscontrol.py
>
> - access control domain model object initialisation (within 
> createProtectionObjects() and createGrants()):
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/command/initialise.py
>
> Service Layer:
> - commands to control access:
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/command/accesscontrol.py 
>
>
> - system and project access controllers (use above commands):
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/accesscontrol.py
>
> Presentation Layer:
> - kui  base view access control (see authoriseActionObject(), etc.)
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/django/apps/kui/views/base.py 
>
> (uses above system access controller)
>
> - concrete kui views (eg. ProjectBaseView, see canUpdateProject(), etc.)
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/django/apps/kui/views/project.py 
>
> (uses above project access controller)
>
> - project view mod_python authorisation handler (access control client):
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/apache/urlpermission.py
>
>
> (add 'test' before .py to read the tests)
>
>
> I would be only too happy to repsond to any comments or questions. I 
> would be very surprised if there were a few things that needed some 
> more attention. I am fairly pleased with it though...
>
> One thing is that we could try to get the mod_python handler to pick 
> up on a kui session cookie. Another may be writing a mod_python view 
> derived from the base kui view (or some extraction if necessary). This 
> would unify presentation layer access control and session management 
> for the 'admin' and 'project' view.
>
> Best regards,
>
> John.
>
>
> John Bywater wrote:
>
>> Hello All,
>>
>> Just to say that I've written a nice new access control system, which 
>> was a significant piece of work. In addition to the analysis below, 
>> there are personal grants and bars (so it's not simply a role-based 
>> access control system).
>>
>> I've also added the project and person undelete and purge commands.
>>
>> All 197 tests are passing....
>>
>> Best regards,
>>
>> John.
>>
>>
>>
>> John Bywater wrote:
>>
>>> [written to clarify my own understanding - I've been reworking the 
>>> code and I think I've worked it out :-)]
>>>
>>
>> <snip>
>>
>>
>
>

More information about the kforge-dev mailing list