[kforge-dev] Re: access control
John Bywater
john.bywater at appropriatesoftwarefoundation.org
Mon Jan 30 00:27:45 UTC 2006
Don't you hate it when you miss out a 'not':
"I would be very surprised if there were >not< a few things that needed
some more attention. "
Sorry,
John.
John Bywater wrote:
> obviously that was: you >can< read about the system....
>
> ;-)
>
> J.
>
> John Bywater wrote:
>
>> Additionally (I forgot to say) you read all about the access control
>> system here:
>>
>> Domain Layer:
>> - access control domain model object classes:
>> http://scm.kforge.net/svn/kforge/trunk/src/kforge/dom/accesscontrol.py
>>
>> - access control domain model event listener:
>> http://scm.kforge.net/svn/kforge/trunk/src/kforge/plugin/accesscontrol.py
>>
>>
>> - access control domain model object initialisation (within
>> createProtectionObjects() and createGrants()):
>> http://scm.kforge.net/svn/kforge/trunk/src/kforge/command/initialise.py
>>
>> Service Layer:
>> - commands to control access:
>> http://scm.kforge.net/svn/kforge/trunk/src/kforge/command/accesscontrol.py
>>
>>
>> - system and project access controllers (use above commands):
>> http://scm.kforge.net/svn/kforge/trunk/src/kforge/accesscontrol.py
>>
>> Presentation Layer:
>> - kui base view access control (see authoriseActionObject(), etc.)
>> http://scm.kforge.net/svn/kforge/trunk/src/kforge/django/apps/kui/views/base.py
>>
>> (uses above system access controller)
>>
>> - concrete kui views (eg. ProjectBaseView, see canUpdateProject(), etc.)
>> http://scm.kforge.net/svn/kforge/trunk/src/kforge/django/apps/kui/views/project.py
>>
>> (uses above project access controller)
>>
>> - project view mod_python authorisation handler (access control client):
>> http://scm.kforge.net/svn/kforge/trunk/src/kforge/apache/urlpermission.py
>>
>>
>>
>> (add 'test' before .py to read the tests)
>>
>>
>> I would be only too happy to repsond to any comments or questions. I
>> would be very surprised if there were a few things that needed some
>> more attention. I am fairly pleased with it though...
>>
>> One thing is that we could try to get the mod_python handler to pick
>> up on a kui session cookie. Another may be writing a mod_python view
>> derived from the base kui view (or some extraction if necessary).
>> This would unify presentation layer access control and session
>> management for the 'admin' and 'project' view.
>>
>> Best regards,
>>
>> John.
>>
>>
>> John Bywater wrote:
>>
>>> Hello All,
>>>
>>> Just to say that I've written a nice new access control system,
>>> which was a significant piece of work. In addition to the analysis
>>> below, there are personal grants and bars (so it's not simply a
>>> role-based access control system).
>>>
>>> I've also added the project and person undelete and purge commands.
>>>
>>> All 197 tests are passing....
>>>
>>> Best regards,
>>>
>>> John.
>>>
>>>
>>>
>>> John Bywater wrote:
>>>
>>>> [written to clarify my own understanding - I've been reworking the
>>>> code and I think I've worked it out :-)]
>>>>
>>>
>>> <snip>
>>>
>>>
>>
>>
>
>
> _______________________________________________
> kforge-dev mailing list
> kforge-dev at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/kforge-dev
>
>
>
More information about the kforge-dev
mailing list