Index: openacs-4/packages/acs-core-docs/www/permissions.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/permissions.html,v diff -u -r1.22.2.2 -r1.22.2.3 --- openacs-4/packages/acs-core-docs/www/permissions.html 21 Nov 2003 11:14:09 -0000 1.22.2.2 +++ openacs-4/packages/acs-core-docs/www/permissions.html 8 Dec 2003 15:41:18 -0000 1.22.2.3 @@ -1,8 +1,8 @@ -Groups, Context, Permissions

Groups, Context, Permissions

By Pete Su

+Groups, Context, Permissions

Groups, Context, Permissions

By Pete Su

OpenACS docs are written by the named authors, and may be edited by OpenACS documentation staff.

Overview

-The OpenACS 5.0.0b2 Permissions system allows developers and administrators to +The OpenACS 5.0.0b4 Permissions system allows developers and administrators to set access control policies at the object level, that is, any application or system object represented by a row in the acs_objects table can be access-controlled via a simple @@ -13,7 +13,7 @@ Although this may all sound easy and wonderful, no developer or administrator would want to explicitly set access control rights for every user and every object on a -site. Therefore, OpenACS 5.0.0b2 has two auxiliary mechanisms for making this +site. Therefore, OpenACS 5.0.0b4 has two auxiliary mechanisms for making this easier: First, the Groups system allows users to be grouped together in flexible ways. Second, the object model defines a notion of object context, which allows applications to group objects @@ -25,7 +25,7 @@ define simple groupings of users. Each group had a human readable name and unique ID, and there was a single mapping table that mapped users to groups. (The actual data model was more complicated because it -contained a meta-data system much like the OpenACS 5.0.0b2 object type system, +contained a meta-data system much like the OpenACS 5.0.0b4 object type system, but that's not relevant right now.)

The 3.x groups system, while very useful, was limited in few ways. The @@ -47,7 +47,7 @@ member of Greenpeace, its members are not necessarily members of Greenpeace.

-OpenACS 5.0.0b2 solves both of these modeling problems by introducing a new +OpenACS 5.0.0b4 solves both of these modeling problems by introducing a new abstraction called a party. Parties have a recursive definition, and we can illustrate how it works with the following simplified data model. First, we define the parties @@ -113,18 +113,18 @@ already know what parties and objects are, but we don't know what privileges are.

-In OpenACS 5.0.0b2, a privilege models the right to perform some operation on +In OpenACS 5.0.0b4, a privilege models the right to perform some operation on some object. They are the basic units out of which we build access control policies. For example, in the Unix filesystem we typically implement access control by granting users some combination of -read. write or execute privileges on files and directories. In OpenACS 5.0.0b2, +read. write or execute privileges on files and directories. In OpenACS 5.0.0b4, the table of privileges is organized hierarchically so that developers can define privileges that aggregate some set of privileges together. For example, if we have read, write, create and delete privileges, it might be convenient to combine them into a new privilege called "admin". Then if we grant a user this privilege she is automatically granted all the child privileges that the privilege -contains. The OpenACS 5.0.0b2 kernel data model actually defines these +contains. The OpenACS 5.0.0b4 kernel data model actually defines these privileges as follows:

 
@@ -164,7 +164,7 @@
 permissions to large groups of objects in the site, all at once. We
 use contexts to achieve this goal.
 

Object Context

-In OpenACS 5.0.0b2, an object context is a generalization of the scoping +In OpenACS 5.0.0b4, an object context is a generalization of the scoping mechanism introduced in OpenACS 3.x. "Scoping" and "scope" are terms best explained by example: consider some hypothetical rows in the address_book table: @@ -179,7 +179,7 @@ person or a group of people or the general public (itself a group of people).

-In OpenACS 5.0.0b2, rather than breaking the world into a limited set of scopes, +In OpenACS 5.0.0b4, rather than breaking the world into a limited set of scopes, every object lives in a single context. A context is just an another object that represents the security domain to which the object belongs. By convention, if an object A doesn't have any permissions @@ -196,7 +196,7 @@ application. With only row-level permissions it is not obvious how to reasonably initialize the access control list when creating a message. At best, we have to explicitly grant various read and write -privileges whenever we create a message, which is tedious. In OpenACS 5.0.0b2, +privileges whenever we create a message, which is tedious. In OpenACS 5.0.0b4, a reasonable thing to do is to create an object representing a forum, and point the context_id field of a new message at the forum. Then, suppose we grant every user in the system read-access to @@ -226,21 +226,19 @@

Example

At this point, you should either go and download the Notes example -code from the package repository, or check it out of the ArsDigita CVS +code from the package repository, or check it out of the OpenACS CVS repository and add it to your server. The package is called -"notes". To check it out from CVS, read the these instructions on how to use anonymous checkouts and then -checkout the module acs-packages/notes: +"notes". To check it out from CVS, read the these instructions +on how to use anonymous checkouts and then +checkout the module notes: -

-
-% export CVSROOT=:pserver:anonymous@cvs.arsdigita.com:/usr/local/cvsroot
-% cvs login # the password is acsrules
-% cvs checkout acs-packages/notes
-
+

% export CVSROOT=:pserver:anonymous@openacs.org:/cvsroot
+% cvs login # just hit enter when prompted for a password
+% cvs co notes
 

After you have downloaded the package, look at the index.tcl page in the www directory. You can also -look at the code in your browser. The code should look something like this: +look at the code in your browser. The code should look something like this:

 
 # main index page for notes.
@@ -304,7 +302,7 @@
 privileges. Also, the WHERE clause of the query ensures that we only
 see notes that we are allowed to see.
 

-Next, look at the index.adp. It is pretty complicated. +Next, look at the index.adp. It is pretty complicated. The main part of this page uses a multiple template tag. If you want to experiment, you can replace the main body of the multiple tag with this: @@ -330,7 +328,7 @@

This displays the title of the note as either a link or plain text depending on whether or not we have write privileges on the object. -The if tag is something that the OpenACS 5.0.0b2 template system +The if tag is something that the OpenACS 5.0.0b4 template system defines for you to support conditional presentation. The templates developer guide provides more information about this.

If you study the rest of the system, you will also notice that the @@ -344,7 +342,7 @@ permissions to notes that she wanted to make public or whatever. But that's beyond the scope of this example.

Summary

-OpenACS 5.0.0b2 defines three separate mechanisms for specifying access control +OpenACS 5.0.0b4 defines three separate mechanisms for specifying access control in applications. The Groups data model allows you to define hierarchical organizations of users and groups of users. The Permissions data model allows you to define a hierarchy of user rights. Finally, @@ -354,4 +352,4 @@

In the next section, we'll look at a more complex page for adding and editing notes, and discuss these issues further. -

($Id$)
View comments on this page at openacs.org
+

($Id$)
View comments on this page at openacs.org