[aida] Security

Janko Mivšek janko.mivsek at eranova.si
Mon Oct 8 22:16:54 CEST 2007


Hi Dirk,

I just came from the mountains, so the answer is a bit late :)

And by the way, what an impressive web site you are building, not to 
mention how feature-rich it already is. Good work!

Dirk Verleysen wrote:

> Is there some documentation available on Security ?

No, not yet, mainly because I'd like to rewrite the Admin>Security part first.

Just FYI: this part is actually one of the first Aida web apps back from 
1996, so you can have a clue how things got started :)

> I added the following to my site:
>  (AIDASite named: 'SKH') urlResolver defaultURL: '/security.html' 
> forObject: WebSecurityManager new.

I would not recommend making another security manager, because there is 
already one, accessible directly as anAIDASite securityManager, and this 
one is actually used by Aida while yours is not.

> I now can add groups and users but cannot remove groups. Are there some 
> rules for users and groups like Administrators, AllUsers, Guest ?

I see, removing groups through the web UI is currently broken, but you can 
remove one manually through the inspector for now. I'll patch this soon.

User Guest is special because every user is Guest until he logs in, and 
becomes Guest again when he logs out.

Group Administrators is also special because users in that group have 
a kind of "root" privileges - they can do everything.

Group AllUsers is another special one, because all users are members of 
that group by default.

Group Registered Users holds users who successfully went through a 
complete registration process.

To set up access rights, you should:

- for public access, set access rights to group AllUsers
- for access to all guest users, set user Guest
- for access to all logged-in users, set group Registered Users
- to limit access even more, you can set rights for each individual user 
or add your own groups and set rights for them

Access rights can be set for every WebApplication subclass (that is your 
App class) and for every one of its views and actions (update).


I hope that helps a bit.

Best regards
Janko



> Dirk

-- 
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
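
The special users and groups described in the message above, as a small Python model added here for illustration; it is not part of the original post and is not Aida's code or API. The ACL layout, the right names, the sample entries, default deny for unlisted entries, and Guest being covered by AllUsers are all assumptions.

```python
"""Toy model of the special principals named in the message (not Aida code)."""
from dataclasses import dataclass, field

GUEST = "Guest"                    # identity of every session before login
ADMINS = "Administrators"          # members can do everything
ALL_USERS = "AllUsers"             # every user is a member by default
REGISTERED = "Registered Users"    # users who completed registration

@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)

    def principals(self):
        # Assumption: AllUsers also covers Guest, which is what makes it "public".
        return {self.name, ALL_USERS} | self.groups

GUEST_USER = User(GUEST)

class Session:
    def __init__(self):
        self.user = GUEST_USER     # Guest until login

    def login(self, user):
        self.user = user

    def logout(self):
        self.user = GUEST_USER     # Guest again after logout

# Constructed sample ACL: (app, view, right) -> principals granted that right.
ACL = {
    ("ShopApp", "main", "view"): {ALL_USERS},
    ("ShopApp", "orders", "view"): {REGISTERED},
    ("ShopApp", "orders", "update"): {"dirk"},
    ("ShopApp", "signup", "view"): {GUEST},
}

def allowed(session, app, view, right, acl=ACL):
    who = session.user.principals()
    if ADMINS in who:
        return True                # "root"-like group
    # Assumption: an entry with no matching grant is denied.
    return bool(who & acl.get((app, view, right), set()))

def publicly_reachable(acl=ACL):
    """ACL entries usable without logging in; these deserve a review."""
    anon = Session()
    return sorted(key for key in acl if allowed(anon, *key, acl=acl))
```

Running `publicly_reachable()` over a site's real grants is a quick way to confirm that only the intended views are granted to AllUsers or Guest.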

