Mercurial > p > roundup > code

annotate doc/security.txt @ 742:b105b46f6324

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
'I must run unit tests before committing\n' * 100
author Richard Jones <richard@users.sourceforge.net>
date Thu, 23 May 2002 04:26:05 +0000
parents d341cd0e7689
children 811475894dd9
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 ===================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 Security Mechanisms
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 ===================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
5 :Version: $Revision: 1.2 $
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 Current situation
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 =================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 Current logical controls:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12 ANONYMOUS_ACCESS = 'deny'
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13 Deny or allow anonymous access to the web interface
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
14 ANONYMOUS_REGISTER = 'deny'
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
15 Deny or allow anonymous users to register through the web interface
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16 ANONYMOUS_REGISTER_MAIL = 'deny'
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
17 Deny or allow anonymous users to register through the mail interface
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
18
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
19 The web interface implements another level of user-interface security,
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
20 preventing non-admin users from accessing:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
21
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
22 - other user's details pages
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
23 - listing the base classes (not issues or their user page)
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
24 - editing base classes
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
25
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
26
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
27 Issues
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
28 ======
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
29
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
30 1. The current implementation is ad-hoc, and not complete for all `use cases`_.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
31 2. Currently it is not possible to allow submission of issues through email
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
32 but restrict those users from accessing the web interface.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
33 3. Only one user may perform admin functions.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
34 4. There is no verification of users in the mail gateway by any means other
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
35 than the From address. Support for strong signatures should be added.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
36
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
37
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
38 Possible approaches
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
39 ===================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
40
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
41 Security controls in Roundup could be approached in three ways:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
42
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
43 1) at the hyperdb level, with read/write/modify permissions on classes, nodes
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
44 and node properties for all or specific transitions.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
45 2) at the user interface level, with access permissions on CGI interface
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
46 methods, mailgw methods, roundup-admin methods, and so on.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
47 3) at a logical permission level, checked as needed.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
48
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
49 In all cases, the security built into roundup assumes restricted access to the
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
50 hyperdatabase itself, through Operating System controls such as user or group
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
51 permissions.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
52
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
53 Hyperdb-level control
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
54 ---------------------
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
55
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
56 Control is implemented at the Class.get, Class.set and Class.create level. All
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
57 other methods must access nodes through these methods. Since all accesses go
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
58 through the database, we can implement deny by default.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
59
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
60 Pros:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
61
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
62 - easier to implement as it only affects one module
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
63 - smaller number of permissions to worry about
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
64
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
65 Cons:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
66
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
67 - harder to determine the relationship between user interaction and hyperdb
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
68 permission.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
69 - a lot of work to define
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
70 - must special-case to handle by-node permissions (editing user details,
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
71 having private messages)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
72
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
73
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
74 User-interface control
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
75 ----------------------
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
76
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
77 The user interfaces would have an extra layer between that which
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
78 parses the request to determine action and the action method. This layer
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
79 controls access. Since it is possible to require methods be registered
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
80 with the security mechanisms to be accessed by the user, deny by default
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
81 is possible.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
82
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
83 Pros:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
84
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
85 - much more obvious at the user level what the controls are
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
86
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
87 Cons:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
88
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
89 - much more work to implement
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
90 - most user interfaces have multiple uses which can't be covered by a
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
91 single permission
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
92
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
93
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
94 Logical control
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
95 ---------------
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
96
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
97 At each point that requires an action to be performed, the security mechanisms
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
98 are asked if the current user has permission. Since code must call the
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
99 check function to raise a denial, there is no possibility to have automatic
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
100 default of deny in this situation.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
101
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
102 In practice, this is implemented as:
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
103
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
104 1. there's a mapping of user -> role (in hyperdb)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
105 2. there's a mapping of role -> permission (in code)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
106 3. there's a function that's available to all roundup code that can ask
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
107 whether a particular user has a particular permission.
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
108
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
109 Pros:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
110
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
111 - quite obvious what is going on
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
112 - is the current system
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
113
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
114 Cons:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
115
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
116 - large number of possible permissions that may be defined, possibly
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
117 mirroring actual user interface controls.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
118
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
119
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
120 Applying controls to users
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
121 ==========================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
122
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
123 Individual assignment of Permission to User is unwieldy. The concept of a
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
124 Role, which encompasses several Permissions and may be assigned to many Users,
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
125 is quite well developed in many projects. Roundup will take this path, and
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
126 allow the multiple assignment of Roles to Users, and multiple Permissions to
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
127 Roles. These definitions will be stored in the hyperdb.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
128
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
129
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
130 A permission module defines::
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
131
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
132 class InMemoryImmutableClass(hyperdb.Class):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
133 ''' Don't allow changes to this class's nodes.
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
134 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
135 def __init__(self, db, classname, **properties):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
136 ''' Set up an in-memory store for the nodes of this class
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
137 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
138
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
139 def create(self, **propvalues):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
140 ''' Create a new node in the in-memory store
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
141 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
142
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
143 def get(self, nodeid, propname, default=_marker, cache=1):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
144 ''' Get the node from the in-memory store
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
145 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
146
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
147 def set(self, *args):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
148 raise ValueError, "%s are immutable"%self.__class__.__name__
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
149
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
150 class PermissionClass(InMemoryImmutableClass):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
151 ''' Include the default attributes:
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
152 - name (String, key)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
153 - description (String)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
154 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
155
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
156 class RoleClass(InMemoryImmutableClass):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
157 ''' Include the default attributes:
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
158 - name (String, key)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
159 - description (String)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
160 - permissions (PermissionClass Multilink)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
161 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
162
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
163 def hasPermission(db, userid, permission):
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
164 ''' Look through all the Roles, and hence Permissions, and see if
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
165 "permission" is there
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
166 '''
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
167
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
168
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
169 The instance dbinit module then has::
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
170
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
171 in open():
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
172
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
173 perm = permission.PermissionClass(db, "permission")
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
174 role = permission.RoleClass(db, "role")
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
175
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
176 wa = perm.create(name="Web Access",
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
177 description="User may log in through the web")
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
178 wr = perm.create(name="Web Registration",
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
179 description="User may register through the web")
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
180 ma = perm.create(name="Mail Access",
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
181 description="User may log in through email")
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
182 mr = perm.create(name="Mail Registration",
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
183 description="User may register through email")
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
184 aa = perm.create(name="Access Everything",
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
185 description="User may access everthing")
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
186 role.create(name="User", description="A regular user, no privs",
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
187 permissions=[wa, wr, ma, mr])
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
188 role.create(name="Admin", description="An admin user, full privs",
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
189 permissions=[aa])
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
190 ro = role.create(name="No Rego", description="A user who can't register",
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
191 permissions=[wa, ma])
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
192
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
193 in init():
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
194
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
195 r = db.getclass('role').find('Admin')
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
196 user.create(username="admin", password=Password(adminpw),
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
197 address=instance_config.ADMIN_EMAIL, roles=[r])
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
198
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
199 # choose your anonymous user access permission here
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
200 #r = db.getclass('role').find('No Rego')
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
201 r = db.getclass('role').find('User')
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
202 user.create(username="anonymous", roles=[r])
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
203
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
204
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
205
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
206 Use cases
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
207 =========
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
208
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
209 public
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
210 end users that can submit bugs, request new features, request support
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
211 developer
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
212 developers that can fix bugs, implement new features provide support
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
213 manager
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
214 approvers/managers that can approve new features and signoff bug fixes
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
215 admin
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
216 administrators that can add users and set user's roles
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
217 system
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
218 automated request handlers running various report/escalation scripts
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
219 privacy
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
220 issues that are only visible to some users
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
221
Roundup Issue Tracker: http://roundup-tracker.org/