Re: [Openinteract-help] Authentication

[Chris W. <ch...@cw...>]

Alex McLintock wrote:
> I may be a bit dim in trying to rtfm, but I am looking to see how 
> OpenInteract handles authentication and authorisation. Ideally I would 
> like a system which stores users, roles, and allows pages to be 
> authorised by role. I'd ideally like there to be a superuser type role 
> which can edit users and roles.
> 
> Does such a thing exist? I assume it is the sort of thing which gets 
> re-written time and time again.

You're not dim. The docs need some re-org (coming in version 2!), 
and I just noticed that the security doc isn't on the documentation 
index page.

Anyway, this is all built-in. Authentication is done through a 
standard user object, and during the 'install_sql' process a 
'superuser' object is created which has rights to do everything. You 
should really only use it to create an admin user and assign that 
user to the 'site admin' group. (The 'site admin' and 'public' 
groups are also created at 'install_sql' time.)

Authorization is done by a fairly flexible security scheme. You can 
assign security on a per-object basis and also assign security to 
particular actions. Additionally, security for pages is implemented 
in a hierarchical fashion: you can set it on a directory and have it 
inherited to subdirectories and pages.

More in the following documents:

  http://openinteract.sourceforge.net/docs/security.shtml
  http://spops.sourceforge.net/doc/SPOPS/Manual/Security.shtml

Chris

-- 
Chris Winters (ch...@cw...)
Building enterprise-capable snack solutions since 1988.