Important Note: This page is DEPRECATED!

The new approach is documented here:

Example

All new modules need to respect the ACL settings when accessing data in tables. If they also wish to use ACL to protect additional tables, then during installation, information on what to protect and default permissions needs to be saved to the database. Therefore a function should be written similar to the one below.

Please note that the below function contains two parts:

  1. Sahana-common ACL configuration
  2. Module-specific configuration

Note: Modules should include only the Module-specific configuration. Sahana-common ACL will go in the setup script of Sahana. For the time being, as we don't have a setup script, this common code is also there in the function below.

 
function shn_or_acl_setup(){
 	global $global;
    include_once $global['approot']. 'inc/lib_security/acl_api.inc';
    include_once $global['approot'].'inc/lib_security/acl.inc';
 
 
 
/*****************************************************************/
/** ACL common to all modules, this piece of code will be moved from
or_acl_setup to sahana setup script once it's available
**/
    $acl=new SahanaACL(NULL);
    /**
    add a section to categorize sahana users in ARO table.
    used is a function in acl.inc which you need not call
    as module writers. "users" section needs to be added only
    once per sahana and will be done at the installation
    */
    $acl->_shn_add_section("users","users of sahana","ARO");
    /**
    add a section to categorize sahana actions in AXO table.
    used is a function in acl.inc which you need not call
    as module writers. "actions" section needs to be added only
    once per sahana and will be done during the installation
    */
    $acl->_shn_add_section("actions","actions available in sahana","ARO");
    //add a group to contain Sahana AROs(root group)
    $acl->_shn_add_aro_group("sahana","Sahana ARO root",0);
     // add a role named guest
    $res=shn_acl_add_role("guest","guest role");
   // add a role named user
    $res=shn_acl_add_role("user","Normal user role");
   // add a role named guest
    $res=shn_acl_add_role("admin","Administrator role");
    //add a group to contain Sahana AXOs(root group)
    $acl->_shn_add_axo_group("sahana","Sahana AXO root",0);
    /** add a ACO , not neccesary to protect actions, but when we go to
    table and field level protection need to separate "read","write"
    permissions , hence requires ACO
    */
   $res=shn_acl_add_perm_type("execute","execute permission");
 
 /*****************************************************************/
 /** start of or(module) specific ACL entries
 **/
 
     // add a module named "or"
    $res=shn_acl_add_module("or","organization reg");
 
    /** action groups **/
    // add an action group named "create" under the module "or"
    $res=shn_acl_add_action_group("or","create","create group");
    // add an action group named "delete" under the module "or"
    $res=shn_acl_add_action_group("or","delete","delete group");
    // add an action group named "update" under the module "or"
    $res=shn_acl_add_action_group("or","update","update group");
    // add an action group named "view" under the module "or"
    $res=shn_acl_add_action_group("or","view","view group");
    //add an action name 'shn_or_reg_org"  under the above action group
    $res=shn_acl_add_action("or","create","shn_or_reg_org","Register function");
    $res=shn_acl_add_action("or","create","shn_or_reg_org_cr","Register function");
    $res=shn_acl_add_action("or","create","shn_or__reg_branch_cr","Register function");
    $res=shn_acl_add_action("or","create","shn_or_reg_vol","Register function");
    $res=shn_acl_add_action("or","create","shn_or_reg_vol_cr","Register function");
    $res=shn_acl_add_action("or","view","shn_or_view_org","View function");
    $res=shn_acl_add_action("or","view","shn_or_default","View function");
    // add an action case name "view_all"  under the above case
    $res=shn_acl_add_action_case("or","view","shn_or_view_org","all","action case");
 
    //give permission for 'create' action group within 'or' to 'guest' role
    $res=shn_acl_add_perms_action_group_role('guest','or','create');

Main Author: Ravindra de Silva Contributors: …


Navigation
  • Navigate