UU Database

From Total Knowledge
(Difference between revisions)
(ACL implementation)
== ACL implementation ==
== ACL implementation ==
-
ACL is implemented on per-table basis. For every table covered by ACL, there is a table with the same name appended with "_acl". The ACL tables have similar structure. They contain references to the user (person id) and to the object (object id), accompanied with the access field. An access field is an integer that contains a bit combination of the available access values:
+
ACL is implemented on object type and object id basis. The ACL table contains references to the group id, the object type id, and the object (object id), accompanied with the access field. An access field is an integer that contains a bit combination of the available access values:
 +
 
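Review bot: the new paragraph does not name the single ACL table or say how the (object type id, object id) pair stays consistent with the object tables it points to; the per-table scheme it replaces had a real foreign key (`tla_topic int references topic_list(tl_id)` in the removed example), and a polymorphic object reference loses that, so state how dangling or stale ACL rows are prevented (an object-type lookup table, or a check inside acl_grant). Wording: "on object type and object id basis" reads better as "per (object type, object id) pair", and since rights are now stored per group id rather than per person id, say that a user's rights are derived from group membership before the table below keeps talking about what a "User may" do.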
<table border=1 bgcolor="#A0FFA0">
<table border=1 bgcolor="#A0FFA0">
<th>access name</th><th>access value</th><th>Description</th><th> Comments </th>
<th>access name</th><th>access value</th><th>Description</th><th> Comments </th>
<tr><td> No access </td><td> 0 or NULL </td><td> User may not have any access to the object </td></tr>
<tr><td> No access </td><td> 0 or NULL </td><td> User may not have any access to the object </td></tr>
<tr><td> View </td><td> 1 </td><td>User may browse and view the content of the object</td></tr>
<tr><td> View </td><td> 1 </td><td>User may browse and view the content of the object</td></tr>
-
<tr><td> Modify </td><td> 2 </td> <td> User may modify the object but not the object access </td> </tr>
+
<tr><td> Study </td><td> 2 </td> <td> User (student) may submit his answer or solution of the problem </td> <td> Always set for Open Server </td>  </tr>
-
<tr><td> Delete </td><td> 4 </td> <td> User may delete the object </td> </tr>
+
<tr><td> Modify </td><td> 4 </td> <td> User may modify the object but not the object access </td> </tr>
-
<tr><td> Grant Access </td><td> 8 </td> <td> User may grant or change access to the object to other user(s) </td> </tr>
+
<tr><td> Delete </td><td> 8 </td> <td> User may delete the object </td> </tr>
-
<tr><td> Study </td><td> 16 </td> <td> User (student) may submit his answer or solution of the problem </td> <td> Always set for Open Server </td>  </tr>
+
<tr><td> Add Version </td><td> 16 </td> <td> User may create his own version of the object </td> <td> Always set for Open Server </td>  </tr>
-
<tr><td> Add Version </td><td> 32 </td> <td> User may create his own version of the object </td> <td> Always set for Open Server </td>  </tr>
+
<tr><td> Link </td> <td> 32 </td> <td> User may link to this object in his objects </td> <td> Always set for Open Server </td>  </tr>
-
<tr><td> Add Translation </td><td> 64 </td> <td> User may create his own translated version of the object </td> <td> Always set for Open Server </td> </tr>
+
<tr><td> Translate </td><td> 64 </td> <td> User may create his own translated version of the object </td> <td> Always set for Open Server </td> </tr>
-
<tr><td> Reference </td> <td> 128 </td> <td> User may refer to this object in his objects </td> <td> Always set for Open Server </td> </tr>
+
<tr><td> Teach </td><td> 128 </td> <td> User may teach this version of the object </td> <td> </td> </tr>
 +
<tr><td> Group administration </td><td> 256 </td> <td> User may include or exclude other users in the object groups </td> <tr><td> Catalog administration </td><td> 512 </td> <td> User may edit catalogs </td> <td> </td> </tr>
</table>
</table>
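Review bot: every existing access value is renumbered (Study 16 to 2, Modify 2 to 4, Delete 4 to 8, Add Version 32 to 16, Reference 128 becomes Link 32), and "Grant Access" (8) disappears with no row saying who may change access; any access integers already stored under the old scheme are silently reinterpreted (a stored 8 meant Grant Access and now means Delete, a stored 4 meant Delete and now means Modify), so the hunk needs either a migration statement or a note that the table is being redefined before deployment. The HTML is also malformed: the header cells on the `<th>` line have no enclosing `<tr>`, the "No access" and "View" rows carry three cells under a four-column header, and the last line runs two rows together, with the "Group administration" row missing both its Comments cell and its `</tr>` before `<tr><td> Catalog administration`.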
-
Here is the example of the topic_list_acl table:
+
A particular person has a permission to object that combine permissions of all groups of th object, the person is a member of.
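Review bot: "combine" has to say how: if a person's effective access is the bitwise OR of the access fields of every group that has a row for the object, state that explicitly (a bitwise AND would give the opposite, most-restrictive result), and say how "No access" (0 or NULL) behaves under that union, since a group row holding 0 cannot then remove a right granted through another group. Grammar: "has permission to an object that combines the permissions of all groups of the object the person is a member of"; "th object" is a typo.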
-
<pre>
+
-
create table topic_list_acl (
+
-
  tla_id serial int primary key,
+
-
  tla_person int references person_list(pl_id),
+
-
  tla_topic int references topic_list(tl_id),
+
-
  tla_access int default 0
+
-
)
+
-
</pre>
+
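Review bot: the `create table topic_list_acl` example is removed without a replacement, yet the text above now describes an ACL table with group id, object type id, object id and access columns; add the new DDL in the same `<pre>` form, including the references clauses and the `default 0` on the access column that `tla_access int default 0` had, because that default is what makes a row with no explicit grant equal to "No access".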
-
ACL entries are maintained with the single stored procedure acl_set( table_name varchar(40), person int, access int ). Upon execution, stored procedure checks if the user has "Grant Access" right on the object, and if modifies the access for the person. If the required ACL entry doesn't exist it is created.
+
ACL entries are maintained with the stored procedures acl_grant and acl_revoke. Upon execution, stored procedures check if the user has "Modify" right on the object, and then modifies the access for the group. If the required ACL entry doesn't exist it is created.
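Review bot: the check in acl_grant and acl_revoke contradicts the table: the Modify row (value 4) still reads "User may modify the object but not the object access", yet the procedures now gate access changes on the "Modify" right, and the "Grant Access" bit that used to gate them is no longer in the table. Either keep a separate grant bit or change the Modify description; as written, anyone who can edit an object's content can also grant rights on it, which removes the separation the old acl_set check enforced. Also give the new procedures' signatures as the old text did for `acl_set( table_name varchar(40), person int, access int )`, and "stored procedures check ... and then modifies" should be "check ... and then modify".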
-
ACL entries are performed slightly differently for the open server and proprietary server configurations. For the open server, the special right bits (Study..Reference) are always set, allowing unlimited Study..Reference use.
+
ACL entries perform slightly differently for the open server and proprietary server configurations. For the open server, the special right bits (Study..Link) are always set, allowing unlimited Study..Link use.
== Database objects ==
== Database objects ==
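Review bot: "Study..Link" is no longer a contiguous range of "always set" bits: with the new values Study = 2 and Link = 32 the range would take in Modify (4) and Delete (8), which the table does not mark as always set for the open server, and it leaves out Translate (64), which the table does mark. List the bits by name (Study, Add Version, Link, Translate) or give the mask (2 + 16 + 32 + 64 = 114) instead of a range. Also "ACL entries perform slightly differently" should be "ACL checks behave slightly differently".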

Revision as of 09:27, 5 February 2009