Update:Remora Permissions: Difference between revisions

Update:Remora Permissions (view source)

Revision as of 01:53, 11 February 2007

2,423 bytes removed , 11 February 2007

controllers and actions

Wenzel

Confirmed users

1,209

edits

@@ Line 1: / Line 1: @@
 [[Update:Remora|&laquo; Back to Update:Remora]]
-= Intro =
+== Permissions ==
-* [http://manual.cakephp.org/chapter/acl CakePHP Manual on ACLs].
+Remora's permissions are granted by-group.
-* [http://www.noswad.me.uk/MiBlog/ACLPart1 ACL blog about DB ACL].
-* [http://www.thinkingphp.org/2006/10/03/a-lightweight-approach-to-acl-the-33-lines-of-magic/ A different ACL approach].
-* [http://wiki.cakephp.org/docs:acl:introduction CakePHP Wiki intro to DB ACL].
-= Definitions =
+== Public permissions ==
-* ACL - Access Control List, this is our list of "what can access what", and is controlled by the aros_acos table.
+Controllers, actions and their permissions.
-* ARO - Access Request Object, this is typically a user or any other entity that wants access to something.  Data is found in the aros table.
-* ACO - Access Control Object, this is an object that people get access to, like an addon record, category edit, etc.  Data is found in the acos table.
-From the Cake manual:
+* addons_controller -- all public
- ACL is what is used to decide when an ARO can have access to an ACO.
+** display
+** browse
+** home
+** browse
+** recommended
+** policy
+** previews
+** versions
+** rss
-= Remora Objects =
+* developers_controller -- all private (Users)
-AROs (things that need access):
+** index
-* users, with records added individually during creation or registration
+** summary
-* groups, parent AROs we can use to define generic permissions for a large subset of users
+** details
+** add
+** edit
+** editVersion
+** nominate
+** authorLookup
-ACOs (objects we want to control access for, by model):
+* downloads_controller -- all public
-* addons
+** file
-* addontypes
-* applications
-* approvals
-* blapps
-* blitems
-* features
-* files
-* langs
-* platforms
-* previews
-* reviews
-* tags
-* translations
-* users
-* versions
-= ACL Tables =
+* editors_controller -- all private (Editors)
- mysql> describe aros;
+** index
- +---------+--------------+------+-----+---------+----------------+
+** queue
- | Field   | Type         | Null | Key | Default | Extra          |
+** review
- +---------+--------------+------+-----+---------+----------------+
+** file
- | id      | int(11)      |      | PRI | NULL    | auto_increment |
- | user_id | int(11)      | YES  |     | NULL    |                |
- | alias   | varchar(255) |      |     |         |                |
- | lft     | int(11)      | YES  |     | NULL    |                |
- | rght    | int(11)      | YES  |     | NULL    |                |
- +---------+--------------+------+-----+---------+----------------+
-rows in set (0.00 sec)
- mysql> describe acos;
- +-----------+--------------+------+-----+---------+----------------+
- | Field     | Type         | Null | Key | Default | Extra          |
- +-----------+--------------+------+-----+---------+----------------+
- | id        | int(11)      |      | PRI | NULL    | auto_increment |
- | object_id | int(11)      | YES  |     | NULL    |                |
- | alias     | varchar(255) |      |     |         |                |
- | lft       | int(11)      | YES  |     | NULL    |                |
- | rght      | int(11)      | YES  |     | NULL    |                |
- +-----------+--------------+------+-----+---------+----------------+
-rows in set (0.00 sec)
- mysql> describe aros_acos;
- +---------+---------+------+-----+---------+----------------+
- | Field   | Type    | Null | Key | Default | Extra          |
- +---------+---------+------+-----+---------+----------------+
- | id      | int(11) |      | PRI | NULL    | auto_increment |
- | aro_id  | int(11) | YES  |     | NULL    |                |
- | aco_id  | int(11) | YES  |     | NULL    |                |
- | _create | int(11) |      |     | 0       |                |
- | _read   | int(11) |      |     | 0       |                |
- | _update | int(11) |      |     | 0       |                |
- | _delete | int(11) |      |     | 0       |                |
- +---------+---------+------+-----+---------+----------------+
-rows in set (0.00 sec)
-= Adding Permissions =
+* favorites_controller -- (empty)
-We will want to check permissions for read/write items in particular.
+* features_controller -- (empty)
+* files_controller -- ?
-= Adding an ACO =
+* groups_controller -- all private (Admins)
+** index
+** add
+** edit
+** delete
-= Adding an ARO =
+* images_controller -- all public
+** setImage ...should not be an action?
+** addon_icon
+** addon_preview
+** application_icon
+** platform_icon
+** preview_thumb
+** preview
-= Making group AROs =
+* legacy_url_controller -- all public
+** addonId
+** authorId
+* pages_controller -- all public
+** display
+* previews_controller -- all private (Users)
+** add
+** edit
+* reviews_controller
+** display -- public
+** add -- Users only
+* search_controller -- all public
+** index
+** rss
+* users_controller
+** index
+** register
+** verify
+** pwreset
+** login
+** logout
+** edit -- Users only
+** info