Previous revision: dev:acldesign [2007/02/10 11:55] fran
Current revision: dev:acldesign [2009/07/06 20:36]
- | Main Author: [[http:// | + | Important Note: This page is DEPRECATED! |
+ | The new approach is documented here: | ||
+ | * [[security | ||
====== Introduction ====== | ====== Introduction ====== | ||
- | its obvious that ACL plays a vital role in Sahana which is responsible for maintaining lot of sensitive information. | + | ACL plays a vital role in Sahana which is responsible for maintaining |
- | its always a balance between access and security. | + | There' |
- | we don't want to prevent genuine users from access to vital information with unnecessary security barriers. | + | We don't want to prevent genuine users from access to vital information with unnecessary security barriers, particularly for Humantarian ICT. |
- | please provide suggestions on that balance particularly for Humantarian ICT. | + | We have a hierarchical ACL: |
- | we thought of having | + | |
- | sahana | + | Sahana |
- | Organization administrator: | + | Organization administrator: |
- | Organization users : | + | Organization users: organization administrator registers, data entry users, |
- | in terms of ACL :there are predefined roles | + | In terms of ACL, there are predefined roles |
- | we can let sahana admin define the roles ,makes it more flexible. | + | (We could let the sahana admin define the roles, |
- | but we have thought of giving so many configurable options to the user ,to make the application more flexible. the downside is the advanced user might get frustrated because,there are so many options ( why i say advanced | + | A new user can be assigned multiple roles (when the roles are defined |
+ | The advanced user can directly specify the permissable actions for a user for each resource without relying on roles. | ||
- | so new user can be assigned multiple roles ( when the roles are defined we make sure there are no conflicts). | ||
- | the advanced user can directly specify the permissbale actions for an user for each resource without relying on roles. | ||
====== ACL and Front controller ====== | ====== ACL and Front controller ====== | ||
- | The way the sahana framework works ,every request is routed via the | + | The way the sahana framework works, every request is routed via the |
- | front controller (index.php). front controller calls the function | + | front controller (index.php). |
identified using the $_GET[" | identified using the $_GET[" | ||
- | Before calling the function | + | If ACL is enabled, then an ACL check is done before calling the function. |
- | Therefore main resource we protect is the function that is called via | + | Therefore |
front controller. | front controller. | ||
- | currently | + | Currently |
- | Module(e.g.organization registry) developers can provide a script to | + | Module (e.g.organization registry) developers can provide a script to indicate which functions to protect. |
- | indicate which functions to protect. | + | The API is there for all ACL-specific things, but the interface now covers nearly the whole API. |
- | to register functions.(in System Administration) | + | |
- | The API is there for all ACL specific things ,but the interface now | + | |
- | contains | + | |
- | below is some sample code that registers a function to be protected and | + | Below is some sample code that registers a function to be protected and gives permission for the guest role to use it. |
- | gives permission for the guest role to use it. | + | |
- | Another important point is , since it is difficult for the lay user to | + | Since it is hard to specify permissions for each and every function, functions can be registered under function groups (e.g " |
- | specify permissions for each and every function, functions can be | + | |
- | registered under function groups (e.g " | + | |
- | permission | + | |
e.g : | e.g : | ||
- | // add an action group named " | + | |
- | + | $res=shn_acl_add_action_group(" | |
- | $res=shn_acl_add_action_group(" | + | |
- | + | // add an action name ' | |
- | //add an action name ' | + | $res=shn_acl_add_action(" |
- | $res=shn_acl_add_action(" | + | // give permission for ' |
- | + | $res=shn_acl_add_perms_action_group_role(' | |
- | //give permission for ' | + | |
- | $res=shn_acl_add_perms_action_group_role(' | + | |
- | Above code is not complete , but i hope it gives an understanding of the | + | Above code is not complete, but I hope it gives an understanding of the |
design. | design. | ||
For example if the functions relevant to data input can be grouped under | For example if the functions relevant to data input can be grouped under | ||
- | " | + | " |
- | group.Then for user " | + | group. Then for user " |
- | group,Then front controller with the ACL library will make sure user " | + | group, |
cannot edit. | cannot edit. | ||
+ | [[acl|More complete Example]] | ||
- | Though the main resources | + | Though the main resource |
- | even database row locking. But there is no API for that as the need did | + | even database row locking. But there is no API for that as the need has |
- | not arise so far. | + | not arisen |
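The front-controller gate and the action-group permissions described in this section, as an added example that is not Sahana's own code: the `acl*` function names, the `act` request parameter, and the group, role and function names are hypothetical or constructed here, and unregistered functions are denied by default.

```php
<?php
// Added example, not Sahana's code: a minimal front-controller ACL gate built on
// action groups and roles as the page describes. All names here are hypothetical.
$acl = ['groups' => [], 'actions' => [], 'perms' => []];
function aclAddActionGroup(array &$acl, string $group): void {
    $acl['groups'][$group] = true;
}
// Register a protected function under a group; the group must already exist.
function aclAddAction(array &$acl, string $group, string $action): void {
    if (!isset($acl['groups'][$group])) {
        throw new InvalidArgumentException("unknown action group: $group");
    }
    $acl['actions'][$action] = $group;
}
// Grant a role every action in a group (permission is per group, not per function).
function aclAddPermsActionGroupRole(array &$acl, string $group, string $role): void {
    $acl['perms'][$role][$group] = true;
}
// Returns 'ALLOW' or 'DENY'; unregistered actions and roles without a grant are denied.
function aclCheck(array $acl, array $roles, string $action): string {
    $group = $acl['actions'][$action] ?? null;
    if ($group === null) {
        return 'DENY';
    }
    foreach ($roles as $role) {
        if (!empty($acl['perms'][$role][$group])) {
            return 'ALLOW';
        }
    }
    return 'DENY';
}
// Front controller: the ACL check runs before the handler, and the handler comes
// from a fixed table rather than being called by the name taken from the request.
function dispatch(array $acl, array $handlers, array $roles, string $act): string {
    if (!isset($handlers[$act]) || aclCheck($acl, $roles, $act) !== 'ALLOW') {
        return 'DENY';
    }
    return $handlers[$act]();
}
// Setup modelled on the page's "edit" and "view" groups, with constructed names.
aclAddActionGroup($acl, 'view');
aclAddActionGroup($acl, 'edit');
aclAddAction($acl, 'view', 'org_view');
aclAddAction($acl, 'edit', 'org_edit');
aclAddPermsActionGroupRole($acl, 'view', 'guest');
aclAddPermsActionGroupRole($acl, 'edit', 'dataentry');
$handlers = ['org_view' => fn() => 'listed', 'org_edit' => fn() => 'updated'];
$act = $_GET['act'] ?? 'org_edit';   // 'act' is an assumed parameter name; constructed request
echo dispatch($acl, $handlers, ['guest'], $act), "\n";
echo dispatch($acl, $handlers, ['dataentry'], $act), "\n";
```

The guest role holds only the "view" group, so its request for the "edit"-group function is refused before the handler runs, while the data-entry role is let through.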
- | ====== Deep in to the design ====== | ||
- | from a technical point of view , there is an open source class phpGACL( http:// | ||
- | powerfull ACL capabilities. once you download phpGACL , in docs ,there is a very easy to understand manual ,i have attached it. | ||
- | just for your information GACL concept is | ||
- | there are resources/objects you need access | + | ====== Deep into the design ====== |
+ | This implementation is based on the open source class phpGACL: http:// | ||
+ | phpGACL has a very easy to understand manual, included in the download. | ||
- | there are requesters for these objects(e.g users): Access Request Objects (ARO) | + | GACL concept is: |
- | + | * There are resources/ | |
- | Then for fine grain control there are AXO' | + | * There are requesters for these objects (e.g users): Access Request Objects (ARO) |
+ | | ||
AXOs are identical to AROs in many respects. There is an AXO tree (separate from the ARO tree), with it's own Groups and AXOs. When dealing with AXOs, consider an AXO to take the old role of the ACO (i.e. " | AXOs are identical to AROs in many respects. There is an AXO tree (separate from the ARO tree), with it's own Groups and AXOs. When dealing with AXOs, consider an AXO to take the old role of the ACO (i.e. " | ||
ARO and ACO-only View: | ARO and ACO-only View: | ||
- | + | * AROs: Things requesting access | |
- | AROs: Things requesting access | + | |
- | ACOs: Things to control access on | + | |
ARO, ACO and AXO View: | ARO, ACO and AXO View: | ||
- | + | * AROs: Things requesting access | |
- | AROs: Things requesting access | + | |
- | + | | |
- | ACOs: Actions that are requested | + | |
- | AXOs: Things to control access on | + | |
Example: | Example: | ||
- | + | * A website manager is trying to manage access to projects on the website. The ARO tree consists of all the users: | |
- | A website manager is trying to manage access to projects on the website. The ARO tree consists of all the users: | + | |
Website | Website | ||
The actions that can be taken with each project are " | The actions that can be taken with each project are " | ||
- | GACL provides a very easy to use API to specify ACO, ARO,AXO | + | GACL provides a very easy to use API to specify ACO, ARO, AXO. |
- | GACL is used by many popular sites.(dotProject, Mambo) | + | Once we verify the user identity |
- | see http:// | ||
- | therefore once we verify the user identity , we just need to call the API with the username(or role) , with the name of the resource and the action. | + | GACL is used by many popular projects |
- | + | * see http:// | |
- | it will output DENY or ALLOW. | + | |
+ | Main Author: [[http:// | ||