From: Chris W. <la...@us...> - 2004-11-30 02:17:50
Update of /cvsroot/openinteract/OpenInteract2/doc/Manual In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4223/Manual Modified Files: Security.pod Log Message: inline security examples Index: Security.pod =================================================================== RCS file: /cvsroot/openinteract/OpenInteract2/doc/Manual/Security.pod,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** Security.pod 17 Feb 2004 04:30:11 -0000 1.8 --- Security.pod 30 Nov 2004 02:17:41 -0000 1.9 *************** *** 49,53 **** PostgreSQL syntax): ! [% INCLUDE examples/security_table_schema | indent(4) %] Some notes on this table: --- 49,62 ---- PostgreSQL syntax): ! CREATE TABLE security ( ! sid int not null, ! object_id varchar(200) not null, ! class varchar(20) not null, ! scope char(1) not null, ! scope_id varchar(16) not null default 'world', ! level char(1) not null, ! primary key ( sid ), ! unique ( object_id, class, scope, scope_id ) ! ) Some notes on this table: *************** *** 120,124 **** implemented security: ! [% INCLUDE examples/security_simple_fetch | indent 4 %] SPOPS first ensures that the current user can READ it before fetching --- 129,135 ---- implemented security: ! my $file = eval { ! OpenInteract2::MyFileClass->fetch( $id ) ! }; SPOPS first ensures that the current user can READ it before fetching *************** *** 132,136 **** You can check for this as follows: ! [% INCLUDE examples/security_simple_fetch_catch | indent 4 %] Similarly, if you try to retrieve a group of objects, SPOPS will only --- 143,155 ---- You can check for this as follows: ! my $file = eval { ! OpenInteract2::MyFileClass->fetch( $id ) ! }; ! if ( $@->isa( 'SPOPS::Exception::Security' ) ) { ! warn "You do not have permission to look at item $id"; ! } ! else { ! warn "Error when trying to retrieve item $id: $@"; ! 
} Similarly, if you try to retrieve a group of objects, SPOPS will only *************** *** 140,144 **** always set by the C<fetch()> method. For instance: ! [% INCLUDE examples/security_object_level_check | indent 4 %] If you try to write (create, update or remove) an object, SPOPS ensures --- 159,171 ---- always set by the C<fetch()> method. For instance: ! my $file = eval { ! OpenInteract2::MyFileClass->fetch( $id ) ! }; ! if ( $obj->{tmp_security_level} == SEC_LEVEL_READ ) { ! warn "User has READ access"; ! } ! elsif ( $obj->{tmp_security_level} == SEC_LEVEL_WRITE ) { ! warn "User has WRITE access"; ! } If you try to write (create, update or remove) an object, SPOPS ensures *************** *** 175,179 **** C<base_user> package: ! [% INCLUDE examples/security_user_creation_security | indent 2 %] So here we've declared that every 'user' object created by the system --- 202,214 ---- C<base_user> package: ! [user] ! class = OpenInteract2::User ! is_secure = yes ! ... ! ! [user creation_security] ! user = ! group = site_admin_group:WRITE ! world = READ So here we've declared that every 'user' object created by the system *************** *** 186,194 **** example) in your server configuration: ! [% INCLUDE examples/security_config_default_objects | indent 2 %] Then set the relevant SPOPS 'creation_security' key: ! [% INCLUDE examples/security_creation_security_newgroup | indent 2 %] =head1 FUTURE WORK --- 221,241 ---- example) in your server configuration: ! [default_objects] ! ... ! public_group = 2 ! site_admin_group = 3 ! content_admin_group = 5 Then set the relevant SPOPS 'creation_security' key: ! [document] ! class = OpenInteract2::Document ! is_secure = yes ! ... ! ! [document creation_security] ! user = ! group = content_admin_group:WRITE ! world = READ =head1 FUTURE WORK |
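Review bot: In the first hunk (Security.pod 49-62), `class varchar(20) not null` is narrower than class names used elsewhere in this same patch: `OpenInteract2::MyFileClass` is 26 characters and `OpenInteract2::Document` is 23. If this column holds the object's class name, widen it, or state in the notes under the table what is actually stored there, so a reader copying the schema does not end up with security rows that cannot be stored for longer class names.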
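Review bot: In the hunk at 143-155, `$@->isa( 'SPOPS::Exception::Security' )` is called unconditionally after the eval. When fetch() succeeds, `$@` is the empty string and the method call itself dies, and the else branch would report "Error when trying to retrieve item" even though nothing failed. Test `$@` first and confirm it is an object before calling a method on it, for example `if ( $@ ) { if ( ref $@ and $@->isa( 'SPOPS::Exception::Security' ) ) { ... } else { ... } }`. Since this is the documented way to detect a denied read, the example should be safe to copy as is.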
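Review bot: In the hunk at 159-171, the fetched object is assigned to `$file` but the level is read from `$obj->{tmp_security_level}`, a variable the example never declares. Under `use strict` this does not compile, and without it both branches are silently skipped. Use `$file->{tmp_security_level}` in both comparisons. The example also dereferences the result without checking that the eval returned an object, and does not show where SEC_LEVEL_READ and SEC_LEVEL_WRITE are imported from; a one-line `use` statement and a `if ( $file )` guard would make the snippet self-contained.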
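Review bot: In the hunk at 202-214, the `user =` line under `[user creation_security]` is left empty with no explanation, and the same pattern recurs under `[document creation_security]` in the last hunk. A reader cannot tell from the example whether an empty value means the creating user gets no explicit permission, inherits a default, or whether the line is a placeholder. Add a short comment on that line or a sentence after the block stating what an empty value does, because these blocks decide the default permissions of every newly created object.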