Access Control

Gizmo(QP) offers a simple way for page exportables to declare access controls, which it then enforces on each request according to the user's permissions.

Page Access Control Model

The Gizmo(QP) access control model, which rides on and is entirely compatible with that in QP, supports the association of arbitrary permissions with any user and any persistent object. However, page exportables are not persistent objects in the database sense, so for the Page Access Control Model we adopt a simplified form of the general case. The difference is that a permission is always granted site-wide (the granter of the permission is taken to be True), which leaves us with essentially a simple permission-string tagging system:

  1. Declaration, on each page exportable, of what basic permissions are required.
  2. Granting of either basic or of restricted/extended permissions to users.

All basic permissions imply that the user may view the resource. In some cases we may wish to restrict or extend this basic assumption, e.g. to selectively restrict a user to only traversing the resource (only seeing the child resources), or to selectively extend a user's permission so that they may also modify the resource, should that action be supported. Thus, a restricted permission is implied by a basic permission, while an extended permission extends a basic permission (and is not implied by it, i.e. it must be additionally granted explicitly).

Basic permissions are declared via the allow tuple of the X instance for the exportable; evaluation is handled by gz.fill.directory.Directory.is_allowed(). All permissions specified in an allow tuple for an exportable are always OR-combined. On the other hand, parent page and child page allow tuples are always AND-combined (of course).

For the task of granting and revoking user permissions, Gizmo provides a User Administration GUI utility.

Basic Permissions

Basic permissions imply that the user may view the resource. A resource may only require basic permissions, i.e. you always declare only basic permissions on a page exportable.

anonymous
  description: Implied permission, when a user is not authenticated, i.e. not logged in. The exportable is accessible to everyone, but it will only appear in the menu for users that are not logged in.
  exportable declares: anonymous
  user: implicitly has the permission when not logged in
  in menu: appears when the user is not logged in
  accessibility: always, everyone

authenticated
  description: Implied permission, when a user is authenticated, i.e. logged in. Exportables requiring authenticated will also appear in the menu for users that are not logged in, and will display a login facility if the user makes the request.
  exportable declares: authenticated
  user: implicitly has the permission when logged in
  in menu: always appears
  accessibility: when logged in

administrator
  description: Needed for anything requiring administration privileges, e.g. the Administer facility. Users that are granted the administrator permission also get access to everything else. Resources requiring administrator will not appear in the menu for users that are not granted this permission. Implies that authenticated is also a required permission.
  exportable declares: administrator
  user: is granted administrator
  in menu: appears if granted
  accessibility: if granted

non-administrator
  description: Users that are granted the non-administrator permission get access to everything that does not require the administrator permission. This is convenient for cases when a key management person needs free site-wide access, but with no need to access any administration tools. Implies that authenticated is also a required permission.
  exportable declares: non-administrator
  user: is granted non-administrator
  in menu: appears if granted
  accessibility: if granted

<permission>
  description: An arbitrary permission. Implies that authenticated is also a required permission.
  exportable declares: <permission>
  user: is granted <permission>
  in menu: appears if granted
  accessibility: if granted

Permission Restrictions and Extensions

Permission restrictions and extensions are distinct permissions that are derived from basic permissions as follows:

  '%s_%s' % (basic_permission, qualification)

where qualification is the restriction or extension. Such permissions are only ever granted to a user, i.e. they are never set on the resource; only basic permissions are set on resources.

Gizmo(QP) supports the automatic handling of the following restrictions and extensions. Note that these permission restrictions and extensions are fully supported by the Gizmo User Administration utility, thus making permission management very easy.

traverse
  description: The user may only traverse this resource, i.e. only see the child resources. A resource that requires a <permission> will appear in the menu for a user that has been granted <permission>_traverse.
  exportable declares: <permission>
  user: is granted <permission>_traverse
  in menu: appears if granted
  accessibility: not accessible, gives unauthorized

create / update / delete
  description: A user granted <permission>_create / _update / _delete may access the associated crud sub-resource for a resource that requires <permission>.
  exportable declares: <permission>. However, an application that provides secondary exportables for create, update and delete functions that act on the primary exportable assumes the responsibility to require the appropriate extended permission.
  user: is granted <permission>_create / _update / _delete
  in menu: appears if granted
  accessibility: not accessible, gives unauthorized
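The following Python is an added illustration, not Gizmo's own code (gz.fill.directory.Directory.is_allowed() is not reproduced here). It models the rules of the Page Access Control Model and of the restrictions and extensions above: entries of one allow tuple are OR-combined, parent pages are AND-combined with the child, anonymous and authenticated are implied by login state, administrator and non-administrator cover everything else, <permission>_traverse shows a page in the menu without making it accessible, and <permission>_create / _update / _delete must be granted explicitly. The Page and User classes and the function names are assumptions of this example.

```python
from dataclasses import dataclass
CRUD = ("create", "update", "delete")

@dataclass
class Page:
    allow: tuple            # basic permissions declared on the exportable, OR-combined
    parent: "Page" = None   # parent pages are AND-combined with the child

@dataclass
class User:
    logged_in: bool = False
    granted: frozenset = frozenset()  # basic perms plus _traverse / _create / _update / _delete

def _entry(user, perm):   # one allow entry for one user -> (accessible, in_menu, traversable)
    if perm == "anonymous":
        return True, not user.logged_in, True
    if perm == "authenticated":
        return user.logged_in, True, user.logged_in
    if not user.logged_in:   # every other permission implies authenticated
        return False, False, False
    g = user.granted
    if perm in g or "administrator" in g or (
            perm != "administrator" and "non-administrator" in g):
        return True, True, True
    if perm + "_traverse" in g:   # restriction: listed in menu, request is unauthorized
        return False, True, True
    return False, False, False

def _page(user, page):   # OR-combine the entries of one allow tuple, column by column
    cols = zip(*(_entry(user, p) for p in page.allow))
    return tuple(any(c) for c in cols) or (False, False, False)

def _ancestors_traversable(user, page):   # AND-combine up the tree
    while page.parent is not None:
        page = page.parent
        if not _page(user, page)[2]:
            return False
    return True

def is_allowed(user, page):   # the user may view the resource
    return _page(user, page)[0] and _ancestors_traversable(user, page)
def in_menu(user, page):   # the resource is listed for the user
    return _page(user, page)[1] and _ancestors_traversable(user, page)

def may_crud(user, page, action):
    """Extension: the crud sub-resource needs '<permission>_<action>' granted explicitly."""
    needed = {p + "_" + action for p in page.allow if p not in ("anonymous", "authenticated")}
    return (action in CRUD and user.logged_in and bool(needed & user.granted)
            and _ancestors_traversable(user, page))
```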

More Information

  • the module: gz.fill.directory
  • the module: qp.pub.user
  • the User Administration GUI utility instance in the Comprehensive Demo