Update:Remora Permissions: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
Line 33: Line 33:
* users
* users
* versions
* versions
= ACL Tables =
mysql> describe aros;
+---------+--------------+------+-----+---------+----------------+
| Field  | Type        | Null | Key | Default | Extra          |     
+---------+--------------+------+-----+---------+----------------+
| id      | int(11)      |      | PRI | NULL    | auto_increment |
| user_id | int(11)      | YES  |    | NULL    |                |     
| alias  | varchar(255) |      |    |        |                |     
| lft    | int(11)      | YES  |    | NULL    |                |     
| rght    | int(11)      | YES  |    | NULL    |                |     
+---------+--------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)
mysql> describe acos;
+-----------+--------------+------+-----+---------+----------------+
| Field    | Type        | Null | Key | Default | Extra          |     
+-----------+--------------+------+-----+---------+----------------+
| id        | int(11)      |      | PRI | NULL    | auto_increment |
| object_id | int(11)      | YES  |    | NULL    |                |     
| alias    | varchar(255) |      |    |        |                |     
| lft      | int(11)      | YES  |    | NULL    |                |     
| rght      | int(11)      | YES  |    | NULL    |                |     
+-----------+--------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)
mysql> describe aros_acos;
+---------+---------+------+-----+---------+----------------+
| Field  | Type    | Null | Key | Default | Extra          |     
+---------+---------+------+-----+---------+----------------+
| id      | int(11) |      | PRI | NULL    | auto_increment |
| aro_id  | int(11) | YES  |    | NULL    |                |     
| aco_id  | int(11) | YES  |    | NULL    |                |     
| _create | int(11) |      |    | 0      |                |     
| _read  | int(11) |      |    | 0      |                |     
| _update | int(11) |      |    | 0      |                |     
| _delete | int(11) |      |    | 0      |                |     
+---------+---------+------+-----+---------+----------------+
7 rows in set (0.00 sec)


= Adding Permissions =
= Adding Permissions =

Revision as of 21:10, 16 October 2006

« Back to Update:Remora

Intro

Before you continue reading this, RTFCM on ACLs.

Definitions

  • ACL - Access Control List, this is our list of "what can access what", and is controlled by the aros_acos table.
  • ARO - Access Request Object, this is typically a user or any other entity that wants access to something. Data is found in the aros table.
  • ACO - Access Control Object, this is an object that people get access to, like an addon record, category edit, etc. Data is found in the acos table.

From the Cake manual: 

ACL is what is used to decide when an ARO can have access to an ACO.

Remora Objects

AROs (things that need access):

  • users, with records added individually during creation or registration
  • groups, parent AROs we can use to define generic permissions for a large subset of users

ACOs (objects we want to control access for, by model):

  • addons
  • addontypes
  • applications
  • approvals
  • blapps
  • blitems
  • features
  • files
  • langs
  • platforms
  • previews
  • reviews
  • tags
  • translations
  • users
  • versions

ACL Tables

mysql> describe aros;
+---------+--------------+------+-----+---------+----------------+
| Field   | Type         | Null | Key | Default | Extra          |       
+---------+--------------+------+-----+---------+----------------+
| id      | int(11)      |      | PRI | NULL    | auto_increment |
| user_id | int(11)      | YES  |     | NULL    |                |       
| alias   | varchar(255) |      |     |         |                |       
| lft     | int(11)      | YES  |     | NULL    |                |       
| rght    | int(11)      | YES  |     | NULL    |                |       
+---------+--------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)

mysql> describe acos;
+-----------+--------------+------+-----+---------+----------------+
| Field     | Type         | Null | Key | Default | Extra          |       
+-----------+--------------+------+-----+---------+----------------+
| id        | int(11)      |      | PRI | NULL    | auto_increment |
| object_id | int(11)      | YES  |     | NULL    |                |       
| alias     | varchar(255) |      |     |         |                |       
| lft       | int(11)      | YES  |     | NULL    |                |       
| rght      | int(11)      | YES  |     | NULL    |                |       
+-----------+--------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)

mysql> describe aros_acos;
+---------+---------+------+-----+---------+----------------+
| Field   | Type    | Null | Key | Default | Extra          |       
+---------+---------+------+-----+---------+----------------+
| id      | int(11) |      | PRI | NULL    | auto_increment |
| aro_id  | int(11) | YES  |     | NULL    |                |       
| aco_id  | int(11) | YES  |     | NULL    |                |       
| _create | int(11) |      |     | 0       |                |       
| _read   | int(11) |      |     | 0       |                |       
| _update | int(11) |      |     | 0       |                |       
| _delete | int(11) |      |     | 0       |                |       
+---------+---------+------+-----+---------+----------------+
7 rows in set (0.00 sec)

Adding Permissions

We will want to check permissions for read/write items in particular.

Adding an ACO

Adding an ARO

Making group AROs

Retrieved from "https://wiki.mozilla.org/index.php?title=Update:Remora_Permissions&oldid=37663"