[kforge-dev] Re: access control
John Bywater
john.bywater at appropriatesoftwarefoundation.org
Mon Jan 30 00:01:29 UTC 2006
obviously that was: you >can< read about the system....
;-)
J.
John Bywater wrote:
> Additionally (I forgot to say) you read all about the access control
> system here:
>
> Domain Layer:
> - access control domain model object classes:
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/dom/accesscontrol.py
>
> - access control domain model event listener:
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/plugin/accesscontrol.py
>
> - access control domain model object initialisation (within
> createProtectionObjects() and createGrants()):
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/command/initialise.py
>
> Service Layer:
> - commands to control access:
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/command/accesscontrol.py
>
>
> - system and project access controllers (use above commands):
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/accesscontrol.py
>
> Presentation Layer:
> - kui base view access control (see authoriseActionObject(), etc.)
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/django/apps/kui/views/base.py
>
> (uses above system access controller)
>
> - concrete kui views (eg. ProjectBaseView, see canUpdateProject(), etc.)
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/django/apps/kui/views/project.py
>
> (uses above project access controller)
>
> - project view mod_python authorisation handler (access control client):
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/apache/urlpermission.py
>
>
> (add 'test' before .py to read the tests)
>
>
> I would be only too happy to respond to any comments or questions. I
> would be very surprised if there were a few things that needed some
> more attention. I am fairly pleased with it though...
>
> One thing is that we could try to get the mod_python handler to pick
> up on a kui session cookie. Another may be writing a mod_python view
> derived from the base kui view (or some extraction if necessary). This
> would unify presentation layer access control and session management
> for the 'admin' and 'project' view.
>
> Best regards,
>
> John.
>
>
> John Bywater wrote:
>
>> Hello All,
>>
>> Just to say that I've written a nice new access control system, which
>> was a significant piece of work. In addition to the analysis below,
>> there are personal grants and bars (so it's not simply a role-based
>> access control system).
>>
>> I've also added the project and person undelete and purge commands.
>>
>> All 197 tests are passing....
>>
>> Best regards,
>>
>> John.
>>
>>
>>
>> John Bywater wrote:
>>
>>> [written to clarify my own understanding - I've been reworking the
>>> code and I think I've worked it out :-)]
>>>
>>
>> <snip>
>>
>>
>
>