Update:Remora Permissions

From MozillaWiki
Jump to navigation Jump to search

« Back to Update:Remora

Intro

Before you continue reading this, RTFCM on ACLs.

Definitions

  • ACL - Access Control List, this is our list of "what can access what", and is controlled by the aros_acos table.
  • ARO - Access Request Object, this is typically a user or any other entity that wants access to something. Data is found in the aros table.
  • ACO - Access Control Object, this is an object that people get access to, like an addon record, category edit, etc. Data is found in the acos table.

From the Cake manual: 

ACL is what is used to decide when an ARO can have access to an ACO.

Remora Objects

AROs (things that need access):

  • users, with records added individually during creation or registration
  • groups, parent AROs we can use to define generic permissions for a large subset of users

ACOs (objects we want to control access for, by model):

  • addons
  • addontypes
  • applications
  • approvals
  • blapps
  • blitems
  • features
  • files
  • langs
  • platforms
  • previews
  • reviews
  • tags
  • translations
  • users
  • versions

Adding Permissions

We will want to check permissions for read/write items in particular.

Adding an ACO

Adding an ARO

Making group AROs

Retrieved from "https://wiki.mozilla.org/index.php?title=Update:Remora_Permissions&oldid=35856"