Gizmo(QP) offers a simple way for page exportables to declare
access controls, which it then enforces on each request
according to the user's permissions.
Page Access Control Model
The Gizmo(QP) access control model, which is built on, and entirely
compatible with, the model in QP, supports the association of
arbitrary permissions with any user and any persistent object.
However, page exportables are not persistent objects
in the database sense, so as a Page Access Control Model
we adopt a simplified form of the general case. The difference is that
a permission is always granted site-wide
(the granter of the permission is taken to be True),
which leaves us with essentially a simple permission string
tagging system:
- Declaration, on each page exportable, of what basic permissions
  are required.
- Granting of either basic or of restricted/extended permissions to users.
All basic permissions imply that the user may view the resource.
In some cases we may wish to restrict or extend this basic assumption,
e.g. if we wish to selectively restrict to only be able to traverse
the resource (only see the child resources), or to selectively extend to
allow the user to also be able to modify the resource, should that
action be supported. Thus, a restricted permission is implied
by a basic permission, while an extended permission extends a basic permission
(and is not implied by it, i.e. must be additionally granted explicitly).
Basic permissions are declared via the allow tuple
of the X instance for the exportable; evaluation of the tuple is
handled by gz.fill.directory.Directory.is_allowed().
All permissions specified in an allow tuple for an
exportable are always OR-combined: any one of them suffices.
On the other hand, the allow tuples of a parent page and a child page
are always AND-combined, so a user must satisfy every page on the path.
For the task of granting and revoking permissions for users, Gizmo
provides a User Administration GUI utility.
Basic Permissions
Basic permissions imply that the user may view the resource.
A resource may only require basic permissions, i.e. you always
declare only basic permissions on a page exportable.
anonymous
  description: Implied permission, when a user is not authenticated, i.e. not logged in.
  The exportable is accessible to everyone, but it will only appear in the menu for
  users that are not logged in.
  exportable declares: anonymous
  user: implicitly has permission when not logged in
  in menu: appears when user is not logged in
  accessibility: always, everyone
authenticated
  description: Implied permission, when a user is authenticated, i.e. logged in.
  Exportables requiring authenticated will also appear in the menu for users
  that are not logged in, and will display a login facility if such a user makes the
  request.
  exportable declares: authenticated
  user: implicitly has permission when logged in
  in menu: always appears
  accessibility: when logged in
administrator
  description: Needed for anything requiring administration privileges, e.g. the Administer facility.
  Users that are granted the administrator permission also get access to
  everything else.
  Resources requiring administrator will not appear in the menu for
  users that are not granted this permission.
  Implies that authenticated is also a required permission.
  exportable declares: administrator
  user: is granted administrator
  in menu: appears if granted
  accessibility: if granted
non-administrator
  description: Users that are granted the non-administrator permission get access to
  everything that does not require the administrator permission.
  This is convenient for cases when a key management person needs free site-wide
  access, but with no need to access any administration tools.
  Implies that authenticated is also a required permission.
  exportable declares: non-administrator
  user: is granted non-administrator
  in menu: appears if granted
  accessibility: if granted
<permission>
  description: An arbitrary permission.
  Implies that authenticated is also a required permission.
  exportable declares: <permission>
  user: is granted <permission>
  in menu: appears if granted
  accessibility: if granted
Permission Restrictions and Extensions
Permission restrictions and extensions are distinct permissions that are derived
from basic permissions as <permission>_<qualification>,
where qualification is the restriction or extension.
Such permissions are only ever granted to a user, i.e. they are never set on the
resource; only basic permissions are set on resources.
Gizmo(QP) supports the automatic handling of the following restrictions and extensions.
Note that these permission restrictions and extensions are fully supported by the
Gizmo User Administration utility, thus making permission management very easy.
traverse
  description: The user may only traverse this resource, i.e. only see the child resources.
  A resource that requires a <permission> will appear in the menu
  for a user that has been granted <permission>_traverse.
  exportable declares: <permission>
  user: is granted <permission>_traverse
  in menu: appears if granted
  accessibility: not accessible, gives unauthorized
create, update, delete
  description: A user granted
  <permission>_create / _update / _delete
  may access the associated CRUD sub-resource for a resource that requires
  <permission>.
  exportable declares: <permission> — however, an application that provides secondary exportables for create, update and delete functions that act on the primary exportable assumes the responsibility to require the appropriate extended permission.
  user: is granted
  <permission>_create / _update / _delete
  in menu: appears if granted
  accessibility: not accessible, gives unauthorized
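The following is an added example that models the rules described above (OR-combined allow tuples, AND-combined parent/child pages, the implied basic permissions, the traverse restriction and the explicit CRUD extensions) as plain Python; it is not code from gz.fill.directory, and the names Exportable, has_basic, may_access, appears_in_menu and may_crud are assumptions chosen for illustration. It also assumes that administrator does not imply the extended CRUD permissions, since the page says those must be granted explicitly.

```python
from dataclasses import dataclass

@dataclass
class Exportable:
    """A page exportable (hypothetical type): `allow` holds the basic permissions it declares."""
    name: str
    allow: tuple

def has_basic(granted, perm, logged_in):
    """Does the user hold basic permission `perm`, directly or by implication?"""
    if perm == "anonymous":
        return True                          # everyone, logged in or not
    if not logged_in:
        return False                         # every other basic permission implies authenticated
    if perm == "authenticated" or "administrator" in granted:
        return True                          # administrator gets everything else
    if perm != "administrator" and "non-administrator" in granted:
        return True                          # non-administrator: everything but administrator
    return perm in granted

def is_allowed(exportable, granted, logged_in):
    """The allow tuple is OR-combined: any one declared permission suffices."""
    return any(has_basic(granted, p, logged_in) for p in exportable.allow)

def may_access(path, granted, logged_in):
    """Parent and child allow tuples along the request path are AND-combined."""
    return all(is_allowed(e, granted, logged_in) for e in path)

def appears_in_menu(exportable, granted, logged_in):
    """Menu visibility, including the <permission>_traverse restriction."""
    for p in exportable.allow:
        if p == "anonymous":
            if not logged_in:
                return True                  # shown only to users who are not logged in
            continue
        if p == "authenticated":
            return True                      # always shown; a login facility is offered if needed
        if has_basic(granted, p, logged_in) or (logged_in and p + "_traverse" in granted):
            return True                      # traverse: visible in the menu, but not accessible
    return False

def may_crud(exportable, action, granted, logged_in):
    """Extensions (_create/_update/_delete) are never implied; they must be granted (assumption:
    administrator does not imply them either)."""
    if action not in ("create", "update", "delete"):
        raise ValueError(action)
    return logged_in and any(p + "_" + action in granted for p in exportable.allow)
```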
More Information
- the module: gz.fill.directory
- the module: qp.pub.user
- the User Administration GUI utility instance in the
Comprehensive Demo