Mercurial > p > roundup > code

comparison doc/security.txt @ 871:a4ab8fdf83a2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
More (hopefully final) thoughts.
author Richard Jones <richard@users.sourceforge.net>
date Mon, 15 Jul 2002 22:05:17 +0000
parents a3de8f9b2ede
children d19dd123bda2
comparison
equal deleted inserted replaced
870:a3de8f9b2ede 871:a4ab8fdf83a2
1 =================== 1 ===================
2 Security Mechanisms 2 Security Mechanisms
3 =================== 3 ===================
4 4
5 :Version: $Revision: 1.7 $ 5 :Version: $Revision: 1.8 $
6 6
7 Current situation 7 Current situation
8 ================= 8 =================
9 9
10 Current logical controls: 10 Current logical controls:
106 At each point that requires an action to be performed, the security mechanisms 106 At each point that requires an action to be performed, the security mechanisms
107 are asked if the current user has permission. Since code must call the 107 are asked if the current user has permission. Since code must call the
108 check function to raise a denial, there is no possibility to have automatic 108 check function to raise a denial, there is no possibility to have automatic
109 default of deny in this situation. 109 default of deny in this situation.
110 110
111 In practice, this is implemented as:
112
113 1. there's a mapping of user -> role (in hyperdb)
114 2. there's a mapping of role -> permission (in code)
115 3. there's a set of permissions defined, possibly set against a specific class
116 (in code)
117 4. there's a function that's available to all roundup code that can ask
118 whether a particular user has a particular permission.
119
120 Pros: 111 Pros:
121 112
122 - quite obvious what is going on 113 - quite obvious what is going on
123 - is very similar to the current system 114 - is very similar to the current system
124 115
138 is quite well developed in many projects. Roundup will take this path, and 129 is quite well developed in many projects. Roundup will take this path, and
139 allow the multiple assignment of Roles to Users, and multiple Permissions to 130 allow the multiple assignment of Roles to Users, and multiple Permissions to
140 Roles. These definitions will be stored in the hyperdb. They don't need to be 131 Roles. These definitions will be stored in the hyperdb. They don't need to be
141 pushed to the actual database though. 132 pushed to the actual database though.
142 133
134 There will be two levels of Permission. The Class level permissions define
135 logical permissions associated with all nodes of a particular class (or all
136 classes). The Node level permissions define logical permissions associated
137 with specific nodes by way of their user-linked properties.
138
143 A permission module defines:: 139 A permission module defines::
144 140
145 class InMemoryImmutableClass(hyperdb.Class): 141 class InMemoryImmutableClass(hyperdb.Class):
146 ''' Don't allow changes to this class's nodes. 142 ''' Don't allow changes to this class's nodes.
147 ''' 143 '''
176 - name (String, key) 172 - name (String, key)
177 - description (String) 173 - description (String)
178 - permissions (PermissionClass Multilink) 174 - permissions (PermissionClass Multilink)
179 ''' 175 '''
180 176
181 def hasPermission(db, userid, permission, classname): 177 def hasClassPermission(db, classname, permission, userid):
182 ''' Look through all the Roles, and hence Permissions, and see if 178 ''' Look through all the Roles, and hence Permissions, and see if
183 "permission" is there for the specified classname. 179 "permission" is there for the specified classname.
180
181 '''
182
183 def hasNodePermission(db, classname, nodeid, userid, properties):
184 ''' Check the named properties of the given node to see if the userid
185 appears in them. If it does, then the user is granted this
186 permission check.
187
188 'propspec' consists of a list of property names. The property
189 names must be the name of a property of classname, or a
190 KeyError is raised. That property must be a Link or Multilink
191 property, or a TypeError is raised.
192
193 If the property is a Link, the userid must match the property
194 value. If the property is a Multilink, the userid must appear
195 in the Multilink list.
184 ''' 196 '''
185 197
186 The instance dbinit module then has in ``open()``:: 198 The instance dbinit module then has in ``open()``::
187 199
188 perm = permission.PermissionClass(db, "permission") 200 perm = permission.PermissionClass(db, "permission")
227 #r = db.getclass('role').lookup('No Rego') 239 #r = db.getclass('role').lookup('No Rego')
228 r = db.getclass('role').lookup('User') 240 r = db.getclass('role').lookup('User')
229 user.create(username="anonymous", roles=[r]) 241 user.create(username="anonymous", roles=[r])
230 242
231 Then in the code that matters, calls to ``hasPermission`` are made to 243 Then in the code that matters, calls to ``hasPermission`` are made to
232 determine if the user has permission to perform some action. 244 determine if the user has permission to perform some action::
245
246 if security.hasClassPermission('issue', 'Edit', self.user):
247 # all ok
248
249 if security.hasNodePermission('issue', nodeid, self.user, ['assignedto']):
250 # all ok
251
252 The htmltemplate will implement a new tag, <permission> which has the form::
253
254 <permission require=name,name,name node=assignedto>
255 HTML to display if the user has the permission.
256 <else>
257 HTML to display if the user does not have the permission.
258 </permission>
259
260 where the require attribute gives a comma-separated list of permission names
261 which are required, and the node attribute gives a comma-separated list of
262 node properties whose value must match the current user's id. Either of these
263 tests must pass or the permission check will fail.
233 264
234 265
235 Authentication of Users 266 Authentication of Users
236 ----------------------- 267 -----------------------
237 268
Roundup Issue Tracker: http://roundup-tracker.org/