author | Sylvain Thenault <sylvain.thenault@logilab.fr> |
Mon, 22 Dec 2008 17:35:07 +0100 | |
changeset 259 | d7bb01e5be9d |
parent 93 | 9c919a47e140 |
permissions | -rw-r--r-- |
32
ffe4188a33e8
Moved security description to general content.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
diff
changeset
.. -*- coding: utf-8 -*-

Application users: access control
=================================


Vocabulary
----------
* Personne, Societe define two entity *types*
* "Personne travaille_pour Societe" declares that a travaille_pour
  relation can exist between an entity of type Personne and an
  entity of type Societe. The set of rules of this kind that apply
  to the "travaille_pour" relation defines the schema of the
  "travaille_pour" relation.


Description of the security model
---------------------------------

CubicWeb's security model is based on `Access Control List`. The
concepts are the following:

* users and groups of users
* a user belongs to at least one group
* rights (read, modify, create, delete)
* rights are granted to groups (and not to users)

For CubicWeb more specifically:

* rights are attached at the level of entity / relation schemas
* for each entity type, read, add, modify and delete rights are
  distinguished
* for each relation type, read, add and delete rights are
  distinguished (a relation cannot be modified)
* the base groups are: Administrators, Users, Guests
* users belong to the Users group by default
* there is a virtual group, "Owner Users", to which only delete and
  modify rights can be attached
* users cannot be put in this group; they are added to it implicitly
  in the context of the objects they own
* the rights of this group are checked only on modification /
  deletion if all the other groups the user belongs to have been
  denied access
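
The rules listed above can be exercised with a small stand-alone model. This is an added illustration, not CubicWeb code: the class names, the group identifiers (`administrators`, `users`, `guests`, `owners`) and the sample schema are assumptions made for the example.

```python
# Illustrative model only; every name here is an assumption, not CubicWeb's API.
ENTITY_ACTIONS = {"read", "add", "update", "delete"}
RELATION_ACTIONS = {"read", "add", "delete"}  # a relation cannot be modified
OWNERS = "owners"                             # the virtual owners group
OWNER_ACTIONS = {"update", "delete"}          # the only rights it may carry
DEFAULT_GROUP = "users"


class User:
    def __init__(self, login, groups=()):
        if OWNERS in groups:
            raise ValueError("membership of the owners group is implicit")
        # A user belongs to at least one group; "users" is the default.
        self.login, self.groups = login, set(groups) or {DEFAULT_GROUP}


class SchemaACL:
    """Rights attached to one entity or relation schema, granted to groups."""
    def __init__(self, name, kind, grants):
        allowed = ENTITY_ACTIONS if kind == "entity" else RELATION_ACTIONS
        for action, groups in grants.items():
            if action not in allowed:
                raise ValueError(f"{kind} {name!r} has no {action!r} right")
            if OWNERS in groups and action not in OWNER_ACTIONS:
                raise ValueError(f"owners cannot be granted {action!r}")
        self.name, self.grants = name, grants

    def check(self, user, action, obj_owner=None):
        """Return the group that grants `action` to `user`, or None."""
        granted = self.grants.get(action, ())
        # Real groups first: rights are given to groups, never to users.
        for group in sorted(user.groups):
            if group in granted:
                return group
        # Owners is consulted only once every real group has denied access;
        # membership is implied by owning the object being acted on.
        if OWNERS in granted and obj_owner == user.login:
            return OWNERS
        return None


# Constructed sample schema and users.
PERSONNE = SchemaACL("Personne", "entity", {
    "read": ("administrators", "users", "guests"),
    "add": ("administrators", "users"),
    "update": ("administrators", OWNERS),
    "delete": ("administrators", OWNERS),
})
alice, bob, root = User("alice"), User("bob"), User("root", ["administrators"])
```

`check` returns the name of the granting group, which makes it easy to see whether a decision came from a real group or from the ownership fallback.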