Mercurial > p > roundup > code

annotate doc/security.txt @ 873:394a6ff9253e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Saving queries.
author Gordon B. McMillan <gmcm@users.sourceforge.net>
date Wed, 17 Jul 2002 12:53:48 +0000
parents a4ab8fdf83a2
children d19dd123bda2
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 ===================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 Security Mechanisms
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 ===================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4
871
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
5 :Version: $Revision: 1.8 $
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 Current situation
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 =================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 Current logical controls:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12 ANONYMOUS_ACCESS = 'deny'
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13 Deny or allow anonymous access to the web interface
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
14 ANONYMOUS_REGISTER = 'deny'
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
15 Deny or allow anonymous users to register through the web interface
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16 ANONYMOUS_REGISTER_MAIL = 'deny'
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
17 Deny or allow anonymous users to register through the mail interface
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
18
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
19 Current user interface authentication and controls:
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
20
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
21 - command-line tool access controlled with passwords, but no logical controls
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
22 - CGI access is by username and password and has some logical controls
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
23 - mailgw access is through identification using sender email address, with
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
24 limited functionality available
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
25
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
26 The web interface implements has specific logical controls,
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
27 preventing non-admin users from accessing:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
28
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
29 - other user's details pages
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
30 - listing the base classes (not issues or their user page)
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
31 - editing base classes
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
32
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
33 Issues
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
34 ======
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
35
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
36 1. The current implementation is ad-hoc, and not complete for all `use cases`_.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
37 2. Currently it is not possible to allow submission of issues through email
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
38 but restrict those users from accessing the web interface.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
39 3. Only one user may perform admin functions.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
40 4. There is no verification of users in the mail gateway by any means other
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
41 than the From address. Support for strong identification through digital
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
42 signatures should be added.
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
43 5. The command-line tool has no logical controls.
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
44
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
45
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
46 Possible approaches
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
47 ===================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
48
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
49 Security controls in Roundup could be approached in three ways:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
50
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
51 1) at the hyperdb level, with read/write/modify permissions on classes, nodes
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
52 and node properties for all or specific transitions.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
53 2) at the user interface level, with access permissions on CGI interface
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
54 methods, mailgw methods, roundup-admin methods, and so on.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
55 3) at a logical permission level, checked as needed.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
56
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
57 In all cases, the security built into roundup assumes restricted access to the
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
58 hyperdatabase itself, through Operating System controls such as user or group
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
59 permissions.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
60
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
61
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
62 Hyperdb-level control
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
63 ---------------------
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
64
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
65 Control is implemented at the Class.get, Class.set and Class.create level. All
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
66 other methods must access nodes through these methods. Since all accesses go
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
67 through the database, we can implement deny by default.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
68
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
69 Pros:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
70
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
71 - easier to implement as it only affects one module
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
72 - smaller number of permissions to worry about
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
73
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
74 Cons:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
75
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
76 - harder to determine the relationship between user interaction and hyperdb
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
77 permission.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
78 - a lot of work to define
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
79 - must special-case to handle by-node permissions (editing user details,
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
80 having private messages)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
81
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
82
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
83 User-interface control
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
84 ----------------------
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
85
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
86 The user interfaces would have an extra layer between that which
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
87 parses the request to determine action and the action method. This layer
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
88 controls access. Since it is possible to require methods be registered
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
89 with the security mechanisms to be accessed by the user, deny by default
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
90 is possible.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
91
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
92 Pros:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
93
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
94 - much more obvious at the user level what the controls are
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
95
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
96 Cons:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
97
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
98 - much more work to implement
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
99 - most user interfaces have multiple uses which can't be covered by a
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
100 single permission
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
101
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
102
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
103 Logical control
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
104 ---------------
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
105
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
106 At each point that requires an action to be performed, the security mechanisms
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
107 are asked if the current user has permission. Since code must call the
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
108 check function to raise a denial, there is no possibility to have automatic
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
109 default of deny in this situation.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
110
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
111 Pros:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
112
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
113 - quite obvious what is going on
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
114 - is very similar to the current system
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
115
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
116 Cons:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
117
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
118 - large number of possible permissions that may be defined, possibly
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
119 mirroring actual user interface controls.
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
120 - access to the hyperdb must be strictly controlled through program code
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
121 that implements the logical controls.
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
122
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
123
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
124 Applying controls to users
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
125 ==========================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
126
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
127 Individual assignment of Permission to User is unwieldy. The concept of a
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
128 Role, which encompasses several Permissions and may be assigned to many Users,
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
129 is quite well developed in many projects. Roundup will take this path, and
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
130 allow the multiple assignment of Roles to Users, and multiple Permissions to
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
131 Roles. These definitions will be stored in the hyperdb. They don't need to be
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
132 pushed to the actual database though.
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
133
871
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
134 There will be two levels of Permission. The Class level permissions define
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
135 logical permissions associated with all nodes of a particular class (or all
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
136 classes). The Node level permissions define logical permissions associated
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
137 with specific nodes by way of their user-linked properties.
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
138
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
139 A permission module defines::
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
140
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
141 class InMemoryImmutableClass(hyperdb.Class):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
142 ''' Don't allow changes to this class's nodes.
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
143 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
144 def __init__(self, db, classname, **properties):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
145 ''' Set up an in-memory store for the nodes of this class
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
146 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
147
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
148 def create(self, **propvalues):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
149 ''' Create a new node in the in-memory store
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
150 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
151
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
152 def get(self, nodeid, propname, default=_marker, cache=1):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
153 ''' Get the node from the in-memory store
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
154 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
155
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
156 def set(self, *args):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
157 raise ValueError, "%s are immutable"%self.__class__.__name__
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
158
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
159 class PermissionClass(InMemoryImmutableClass):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
160 ''' Include the default attributes:
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
161 - name (String)
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
162 - classname (String)
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
163 - description (String)
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
164
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
165 The classname may be unset, indicating that this permission is not
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
166 locked to a particular class. That means there may be multiple
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
167 Permissions for the same name for different classes.
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
168 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
169
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
170 class RoleClass(InMemoryImmutableClass):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
171 ''' Include the default attributes:
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
172 - name (String, key)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
173 - description (String)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
174 - permissions (PermissionClass Multilink)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
175 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
176
871
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
177 def hasClassPermission(db, classname, permission, userid):
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
178 ''' Look through all the Roles, and hence Permissions, and see if
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
179 "permission" is there for the specified classname.
871
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
180
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
181 '''
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
182
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
183 def hasNodePermission(db, classname, nodeid, userid, properties):
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
184 ''' Check the named properties of the given node to see if the userid
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
185 appears in them. If it does, then the user is granted this
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
186 permission check.
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
187
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
188 'propspec' consists of a list of property names. The property
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
189 names must be the name of a property of classname, or a
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
190 KeyError is raised. That property must be a Link or Multilink
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
191 property, or a TypeError is raised.
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
192
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
193 If the property is a Link, the userid must match the property
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
194 value. If the property is a Multilink, the userid must appear
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
195 in the Multilink list.
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
196 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
197
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
198 The instance dbinit module then has in ``open()``::
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
199
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
200 perm = permission.PermissionClass(db, "permission")
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
201 role = permission.RoleClass(db, "role")
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
202
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
203 # create some Permissions
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
204 wa = perm.create(name="Web Access",
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
205 description="User may use the web interface")
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
206 wr = perm.create(name="Web Registration",
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
207 description="User may register through the web")
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
208
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
209 ma = perm.create(name="Mail Access",
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
210 description="User may use the email interface")
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
211 mr = perm.create(name="Mail Registration",
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
212 description="User may register through email")
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
213
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
214 ee = perm.create(name="Edit",
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
215 description="User may edit everthing")
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
216 ei = perm.create(name="Edit", classname="issue",
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
217 description="User is allowed to edit issues")
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
218
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
219 ae = perm.create(name="Assign",
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
220 description="User may be assigned to anything")
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
221 ai = perm.create(name="Assign", classname="issue",
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
222 description="User may be assigned to issues")
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
223
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
224 # create some Roles that use the Permissions
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
225 role.create(name="User", description="A regular user, no privs",
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
226 permissions=[wa, wr, ma, mr, ei, ai])
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
227 role.create(name="Admin", description="An admin user, full privs",
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
228 permissions=[ee, ae])
865
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
229 role.create(name="No Rego", description="A user who can't register",
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
230 permissions=[wa, ma])
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
231
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
232 in ``init()``::
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
233
811
2a0886bacdcc Note correct API calls in the doc ;)
Richard Jones <richard@users.sourceforge.net>
parents: 774
diff changeset
234 r = db.getclass('role').lookup('Admin')
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
235 user.create(username="admin", password=Password(adminpw),
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
236 address=instance_config.ADMIN_EMAIL, roles=[r])
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
237
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
238 # choose your anonymous user access permission here
811
2a0886bacdcc Note correct API calls in the doc ;)
Richard Jones <richard@users.sourceforge.net>
parents: 774
diff changeset
239 #r = db.getclass('role').lookup('No Rego')
2a0886bacdcc Note correct API calls in the doc ;)
Richard Jones <richard@users.sourceforge.net>
parents: 774
diff changeset
240 r = db.getclass('role').lookup('User')
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
241 user.create(username="anonymous", roles=[r])
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
242
865
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
243 Then in the code that matters, calls to ``hasPermission`` are made to
871
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
244 determine if the user has permission to perform some action::
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
245
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
246 if security.hasClassPermission('issue', 'Edit', self.user):
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
247 # all ok
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
248
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
249 if security.hasNodePermission('issue', nodeid, self.user, ['assignedto']):
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
250 # all ok
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
251
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
252 The htmltemplate will implement a new tag, <permission> which has the form::
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
253
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
254 <permission require=name,name,name node=assignedto>
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
255 HTML to display if the user has the permission.
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
256 <else>
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
257 HTML to display if the user does not have the permission.
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
258 </permission>
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
259
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
260 where the require attribute gives a comma-separated list of permission names
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
261 which are required, and the node attribute gives a comma-separated list of
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
262 node properties whose value must match the current user's id. Either of these
a4ab8fdf83a2 More (hopefully final) thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 870
diff changeset
263 tests must pass or the permission check will fail.
865
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
264
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
265
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
266 Authentication of Users
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
267 -----------------------
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
268
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
269 Users must be authenticated correctly for the above controls to work. This is
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
270 not done in the current mail gateway at all. Use of digital signing of
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
271 messages could alleviate this problem.
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
272
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
273 The exact mechanism of registering the digital signature should be flexible,
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
274 with perhaps a level of trust. Users who supply their signature through their
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
275 first message into the tracker should be at a lower level of trust to those
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
276 who supply their signature to an admin for submission to their user details.
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
277
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
278
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
279 Action
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
280 ======
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
281
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
282 The CGI interface must be changed to:
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
283
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
284 - authenticate over a secure connection
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
285 - use unique tokens as a result of authentication, rather than pass the user's
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
286 real credentials (username/password) around for each request (this means
840
e07e5903c3b4 Updated documents
Richard Jones <richard@users.sourceforge.net>
parents: 811
diff changeset
287 sessions and hence a session database)
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
288 - use the new logical control mechanisms
865
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
289 - implement the permission module
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
290 - implement a Role editing interface for users
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
291 - implement htmltemplate tests on permissions
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
292 - switch all code over from using config vars for permission checks to using
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
293 permissions
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
294 - include config vars for initial Roles for anonymous web, new web and new
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
295 email users
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
296
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
297 The mail gateway must be changed to:
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
298
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
299 - use digital signatures
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
300 - use the new logical control mechanisms
865
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
301 - switch all code over from using config vars for permission checks to using
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
302 permissions
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
303
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
304 The command-line tool must be changed to:
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
305
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
306 - use the new logical control mechanisms (only allowing write
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
307 access by admin users, and read-only by everyone else)
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
308
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
309
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
310 Use cases
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
311 =========
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
312
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
313 public
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
314 end users that can submit bugs, request new features, request support
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
315 developer
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
316 developers that can fix bugs, implement new features provide support
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
317 manager
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
318 approvers/managers that can approve new features and signoff bug fixes
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
319 admin
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
320 administrators that can add users and set user's roles
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
321 system
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
322 automated request handlers running various report/escalation scripts
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
323 privacy
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
324 issues that are only visible to some users
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
325
Roundup Issue Tracker: http://roundup-tracker.org/