Index: openacs-4/packages/acs-core-docs/www/permissions.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/permissions.html,v diff -u -N -r1.46 -r1.46.2.1 --- openacs-4/packages/acs-core-docs/www/permissions.html 13 Sep 2009 23:54:41 -0000 1.46 +++ openacs-4/packages/acs-core-docs/www/permissions.html 18 Jun 2010 21:29:35 -0000 1.46.2.1 @@ -1,9 +1,9 @@ -Groups, Context, Permissions

Groups, Context, Permissions

By Pete Su

+Groups, Context, Permissions

Groups, Context, Permissions

By Pete Su

OpenACS docs are written by the named authors, and may be edited by OpenACS documentation staff.

Overview

-The OpenACS 5.5.0 Permissions system allows developers and administrators to +The OpenACS 5.6.0 Permissions system allows developers and administrators to set access control policies at the object level, that is, any application or system object represented by a row in the acs_objects table can be access-controlled via a @@ -21,7 +21,7 @@

The rest of this document discusses each of these parts, and how they fit together with the permissions system.

Groups

-OpenACS 5.5.0 has an abstraction called a party. Parties have a recursive +OpenACS 5.6.0 has an abstraction called a party. Parties have a recursive definition. We can illustrate how it works with the following simplified data model. First, we define the parties table, where each party has an email address and a URL for contact @@ -84,14 +84,14 @@ some object. Privileges are the basic units out of which we build access control policies. For example in the Unix filesystem, access is controlled by granting users some combination of read, write, or execute privileges on files and directories. In -OpenACS 5.5.0, +OpenACS 5.6.0, the table of privileges is organized hierarchically so that developers can define privileges that aggregate some set of privileges together. For example, if we have read, write, create and delete privileges, it might be convenient to combine them into a new privilege called "admin". Then, when a user is granted "admin" privilege, she is automatically granted all the child privileges that the privilege -contains. The OpenACS 5.5.0 kernel data model defines these +contains. The OpenACS 5.6.0 kernel data model defines these privileges:

 # 
@@ -136,7 +136,7 @@
 OpenACS provides a object contexts as a means for controlling permissions of a large group
 of objects at the same time. 
 

Object Context

-In OpenACS 5.5.0, object context is a scoping +In OpenACS 5.6.0, object context is a scoping mechanism. "Scoping" and "scope" are terms best explained by example: consider some hypothetical rows in the address_book table: @@ -199,7 +199,7 @@

See the package developer tutorials for examples on how to use permissions code.

Summary

-OpenACS 5.5.0 defines three separate mechanisms for specifying access control +OpenACS 5.6.0 defines three separate mechanisms for specifying access control in applications.

  1. The Groups data model allows you to define hierarchical organizations of users and groups of users. @@ -211,4 +211,4 @@ permissions in a hierarchical fashion.

A PL/SQL or Tcl API is then used to check permissions in application pages. -

($Id$)
View comments on this page at openacs.org
+

($Id$)
View comments on this page at openacs.org
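Review bot: the release number is written literally into the running text at all six places this patch edits (Overview, Groups, twice in the privileges paragraph of the -84,14 hunk, Object Context, and Summary), so each release repeats the same hand edit and one missed occurrence leaves the page describing two versions. If this page is generated from another source, define the version once there and reference it. Otherwise drop the number from sentences that do not depend on it, such as "has an abstraction called a party".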
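Review bot: in the hunk at -136,7 the unchanged context line reads "OpenACS provides a object contexts as a means for controlling permissions of a large group of objects at the same time", which is ungrammatical. The next paragraph is being edited anyway, so change it to "OpenACS provides object contexts as a means for controlling permissions ..." in the same commit.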
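Review bot: the first hunk (-1,9) and the last (-211,4) remove and re-add text that reads identically on both sides: the title and "By Pete Su" block at the top, and the "($Id$)" / "View comments on this page at openacs.org" footer at the bottom. Whatever differs there is not visible in the rendered text, so it is probably markup or whitespace churn. Either leave those lines out of the version bump or say in the commit message what changed in them, so that the six real text changes are easy to audit.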