Update:Remora Permissions: Difference between revisions
Jump to navigation
Jump to search
| Line 12: | Line 12: | ||
= Remora Objects = | = Remora Objects = | ||
AROs: | AROs (things that need access): | ||
* users, with records added individually during creation or registration | |||
* groups, parent AROs we can use to define generic permissions for a large subset of users | |||
ACOs: | ACOs (objects we want to control access for, by model): | ||
* addons | |||
* addontypes | |||
* applications | |||
* approvals | |||
* blapps | |||
* blitems | |||
* features | |||
* files | |||
* langs | |||
* platforms | |||
* previews | |||
* reviews | |||
* tags | |||
* translations | |||
* users | |||
* versions | |||
= Adding Permissions = | = Adding Permissions = | ||
Revision as of 15:58, 12 October 2006
Intro
Before you continue reading this, RTFCM on ACLs.
Definitions
- ACL - Access Control List, this is our list of "what can access what", and is controlled by the aros_acos table.
- ARO - Access Request Object, this is typically a user or any other entity that wants access to something. Data is found in the aros table.
- ACO - Access Control Object, this is an object that people get access to, like an addon record, category edit, etc. Data is found in the acos table.
From the Cake manual:
ACL is what is used to decide when an ARO can have access to an ACO.
Remora Objects
AROs (things that need access):
- users, with records added individually during creation or registration
- groups, parent AROs we can use to define generic permissions for a large subset of users
ACOs (objects we want to control access for, by model):
- addons
- addontypes
- applications
- approvals
- blapps
- blitems
- features
- files
- langs
- platforms
- previews
- reviews
- tags
- translations
- users
- versions
Adding Permissions
We will want to check permissions for read/write items in particular.