comparison doc/security.txt @ 877:7d41d4dae378
this could work...
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Wed, 17 Jul 2002 23:40:19 +0000 |
| parents | 2ccfd7fa0099 |
| children | b0d3d3535998 |
| 876:2ccfd7fa0099 | 877:7d41d4dae378 |
|---|---|
| 1 =================== | 1 =================== |
| 2 Security Mechanisms | 2 Security Mechanisms |
| 3 =================== | 3 =================== |
| 4 | 4 |
| 5 :Version: $Revision: 1.10 $ | 5 :Version: $Revision: 1.11 $ |
| 6 | 6 |
| 7 Current situation | 7 Current situation |
| 8 ================= | 8 ================= |
| 9 | 9 |
| 10 Current logical controls: | 10 Current logical controls: |
| 134 There will be two levels of Permission. The Class level permissions define | 134 There will be two levels of Permission. The Class level permissions define |
| 135 logical permissions associated with all nodes of a particular class (or all | 135 logical permissions associated with all nodes of a particular class (or all |
| 136 classes). The Node level permissions define logical permissions associated | 136 classes). The Node level permissions define logical permissions associated |
| 137 with specific nodes by way of their user-linked properties. | 137 with specific nodes by way of their user-linked properties. |
| 138 | 138 |
| 139 A permission module defines:: | 139 A security module defines:: |
| 140 | 140 |
| 141 class InMemoryImmutableClass(hyperdb.Class): | 141 class InMemoryImmutableClass(hyperdb.Class): |
| 142 ''' Don't allow changes to this class's nodes. | 142 ''' Don't allow changes to this class's nodes. |
| 143 ''' | 143 ''' |
| 144 def __init__(self, db, classname, **properties): | 144 def __init__(self, db, classname, **properties): |
| 199 self.addPermissionToRole('Admin', ee) | 199 self.addPermissionToRole('Admin', ee) |
| 200 ae = self.addPermission(name="Assign", | 200 ae = self.addPermission(name="Assign", |
| 201 description="User may be assigned to anything") | 201 description="User may be assigned to anything") |
| 202 self.addPermissionToRole('Admin', ae) | 202 self.addPermissionToRole('Admin', ae) |
| 203 | 203 |
| 204 # initialise the permissions and roles needed for the UIs | |
| 205 from roundup import cgi_client, mailgw | |
| 206 cgi_client.initialiseSecurity(self) | |
| 207 mailgw.initialiseSecurity(self) | |
| 208 | |
| 204 def hasClassPermission(self, db, classname, permission, userid): | 209 def hasClassPermission(self, db, classname, permission, userid): |
| 205 ''' Look through all the Roles, and hence Permissions, and see if | 210 ''' Look through all the Roles, and hence Permissions, and see if |
| 206 "permission" is there for the specified classname. | 211 "permission" is there for the specified classname. |
| 207 | 212 |
| 208 ''' | 213 ''' |
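Review bot: The block added at new lines 204-208 makes Security.__init__ import cgi_client and mailgw by name, so the core security object now depends on both front ends and the set of interfaces is hard-coded in the constructor. Any further interface that defines its own permissions would need an edit here. Consider letting each front end register its initialiseSecurity hook with the Security object, or have the instance's dbinit module call the hooks it actually uses. If the function-level import is there to avoid an import cycle between the security module and the UI modules, a comment saying so would help the next reader.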
| 238 ''' | 243 ''' |
| 239 | 244 |
| 240 Modules such as ``cgi_client.py`` and ``mailgw.py`` define their own | 245 Modules such as ``cgi_client.py`` and ``mailgw.py`` define their own |
| 241 permissions like so (this example is ``cgi_client.py``):: | 246 permissions like so (this example is ``cgi_client.py``):: |
| 242 | 247 |
| 243 # XXX GAH. If the permissions are instance-db-specific then this can't | 248 def initialiseSecurity(security): |
| 244 # work! | 249 ''' Create some Permissions and Roles on the security object |
| 245 from roundup import permission | 250 |
| 246 | 251 This function is directly invoked by security.Security.__init__() |
| 247 # create some Permissions | 252 as a part of the Security object instantiation. |
| 248 newid = permission.addPermission(name="Web Access", | 253 ''' |
| 249 description="User may use the web interface") | 254 newid = security.addPermission(name="Web Access", |
| 250 permission.addToRole('User', newid) | 255 description="User may use the web interface") |
| 251 permission.addToRole('No Rego', newid) | 256 security.addToRole('User', newid) |
| 252 newid = permission.addPermission(name="Web Registration", | 257 security.addToRole('No Rego', newid) |
| 253 description="User may register through the web") | 258 newid = security.addPermission(name="Web Registration", |
| 254 permission.addToRole('User', newid) | 259 description="User may register through the web") |
| 255 # XXX GAH! | 260 security.addToRole('User', newid) |
| 256 | 261 |
| 257 The instance dbinit module then has in ``open()``:: | 262 The instance dbinit module then has in ``open()``:: |
| 258 | 263 |
| 259 # open the database - it must be modified to init the Security class | 264 # open the database - it must be modified to init the Security class |
| 260 # from permissions.py as db.security | 265 # from security.py as db.security |
| 261 db = Database(instance_config, name) | 266 db = Database(instance_config, name) |
| 262 | 267 |
| 263 # add some extra permissions and associate them with roles | 268 # add some extra permissions and associate them with roles |
| 264 ei = db.security.addPermission(name="Edit", classname="issue", | 269 ei = db.security.addPermission(name="Edit", classname="issue", |
| 265 description="User is allowed to edit issues") | 270 description="User is allowed to edit issues") |
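Review bot: The new initialiseSecurity example at lines 256-260 calls security.addToRole('User', newid), but the Security class shown earlier in this same document attaches permissions with self.addPermissionToRole('Admin', ee). The example and the class definition should use the same method name, otherwise a reader copying the cgi_client.py pattern gets an AttributeError at instantiation. The docstring is a good addition; since it states the function is invoked from security.Security.__init__(), it is also worth saying that the hook must only touch the passed-in security object, because it runs before the rest of the instance's open() has added its own permissions.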
