Update:Remora Permissions

Revision as of 04:39, 18 October 2006 by Morgamic

Intro

Definitions

  • ACL - Access Control List. This is our list of "what can access what", and is controlled by the aros_acos table.
  • ARO - Access Request Object. This is typically a user or any other entity that wants access to something. Data is found in the aros table.
  • ACO - Access Control Object. This is an object that people get access to, like an addon record, category edit, etc. Data is found in the acos table.

From the Cake manual:

ACL is what is used to decide when an ARO can have access to an ACO.

Remora Objects

AROs (things that need access):

  • users, with records added individually during creation or registration
  • groups, parent AROs we can use to define generic permissions for a large subset of users

ACOs (objects we want to control access for, by model):

  • addons
  • addontypes
  • applications
  • approvals
  • blapps
  • blitems
  • features
  • files
  • langs
  • platforms
  • previews
  • reviews
  • tags
  • translations
  • users
  • versions

ACL Tables

mysql> describe aros;
+---------+--------------+------+-----+---------+----------------+
| Field   | Type         | Null | Key | Default | Extra          |       
+---------+--------------+------+-----+---------+----------------+
| id      | int(11)      |      | PRI | NULL    | auto_increment |
| user_id | int(11)      | YES  |     | NULL    |                |       
| alias   | varchar(255) |      |     |         |                |       
| lft     | int(11)      | YES  |     | NULL    |                |       
| rght    | int(11)      | YES  |     | NULL    |                |       
+---------+--------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)

mysql> describe acos;
+-----------+--------------+------+-----+---------+----------------+
| Field     | Type         | Null | Key | Default | Extra          |       
+-----------+--------------+------+-----+---------+----------------+
| id        | int(11)      |      | PRI | NULL    | auto_increment |
| object_id | int(11)      | YES  |     | NULL    |                |       
| alias     | varchar(255) |      |     |         |                |       
| lft       | int(11)      | YES  |     | NULL    |                |       
| rght      | int(11)      | YES  |     | NULL    |                |       
+-----------+--------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)

mysql> describe aros_acos;
+---------+---------+------+-----+---------+----------------+
| Field   | Type    | Null | Key | Default | Extra          |       
+---------+---------+------+-----+---------+----------------+
| id      | int(11) |      | PRI | NULL    | auto_increment |
| aro_id  | int(11) | YES  |     | NULL    |                |       
| aco_id  | int(11) | YES  |     | NULL    |                |       
| _create | int(11) |      |     | 0       |                |       
| _read   | int(11) |      |     | 0       |                |       
| _update | int(11) |      |     | 0       |                |       
| _delete | int(11) |      |     | 0       |                |       
+---------+---------+------+-----+---------+----------------+
7 rows in set (0.00 sec)
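
The following is an added example, not Remora or Cake code. It shows how a user ARO can inherit a group ARO's permissions through the lft/rght nesting in the tables above, with access denied unless a rule grants it. Assumptions not stated on this page: permission values of 1 (allow), -1 (deny) and 0 (no rule); unique aliases; SQLite standing in for MySQL; the helper names `demo_db` and `check` and all sample rows are constructed. It resolves inheritance on the ARO side only and matches the ACO exactly.

```python
import sqlite3

# Same columns as the tables described above, declared with SQLite types.
SCHEMA = """
CREATE TABLE aros (id INTEGER PRIMARY KEY, user_id INT, alias TEXT, lft INT, rght INT);
CREATE TABLE acos (id INTEGER PRIMARY KEY, object_id INT, alias TEXT, lft INT, rght INT);
CREATE TABLE aros_acos (id INTEGER PRIMARY KEY, aro_id INT, aco_id INT,
    _create INT DEFAULT 0, _read INT DEFAULT 0, _update INT DEFAULT 0, _delete INT DEFAULT 0);
"""

# Constructed sample data: group "editors" (lft 1, rght 6) contains alice and bob;
# carol (lft 7, rght 8) sits outside the group.
SAMPLE = """
INSERT INTO aros VALUES (1, NULL, 'editors', 1, 6), (2, 10, 'alice', 2, 3),
                        (3, 11, 'bob', 4, 5), (4, 12, 'carol', 7, 8);
INSERT INTO acos VALUES (1, NULL, 'addons', 1, 2), (2, NULL, 'reviews', 3, 4);
-- editors may read and update addons; bob is explicitly denied update
INSERT INTO aros_acos (aro_id, aco_id, _read, _update) VALUES (1, 1, 1, 1);
INSERT INTO aros_acos (aro_id, aco_id, _update) VALUES (3, 1, -1);
"""

# Whitelist of action -> column; column names cannot be bound as query parameters.
ACTIONS = {"create": "_create", "read": "_read", "update": "_update", "delete": "_delete"}

def demo_db():
    """Build an in-memory database holding the schema and the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + SAMPLE)
    return db

def check(db, aro_alias, aco_alias, action):
    """True only if the nearest explicit rule for the ARO or an ancestor allows."""
    col = ACTIONS[action]  # unknown actions raise KeyError, so they never reach SQL
    row = db.execute(f"""
        SELECT p.{col}
        FROM aros me
        JOIN aros anc ON anc.lft <= me.lft AND anc.rght >= me.rght  -- me and ancestors
        JOIN aros_acos p ON p.aro_id = anc.id
        JOIN acos o ON o.id = p.aco_id
        WHERE me.alias = ? AND o.alias = ? AND p.{col} <> 0
        ORDER BY anc.lft DESC   -- larger lft = deeper node = more specific rule
        LIMIT 1""", (aro_alias, aco_alias)).fetchone()
    return row is not None and row[0] == 1  # no rule at all means deny
```

A rule on the user's own ARO overrides the group's rule, which is why bob loses update while keeping the read permission inherited from editors.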

Adding Permissions

We will want to check permissions for read/write items in particular.

Adding an ACO

Adding an ARO

Making group AROs