[aida] Security

Dirk Verleysen dirk at verleysen.net
Tue Oct 9 10:18:09 CEST 2007


I'm starting to understand it, but how do you save your security settings?

Dirk
----- Original Message ----- 
From: "Janko Mivšek" <janko.mivsek op eranova.si>
To: "AIDA/Web general discussion list" <aida op aidaweb.si>
Sent: Monday, October 08, 2007 10:16 PM
Subject: Re: [aida] Security


> Hi Dirk,
>
> I just came from the mountains, so the answer is a bit late :)
>
> And by the way, what an impressive web site you are building, not to
> mention how feature rich is already. Good work!
>
> Dirk Verleysen wrote:
>
>> Is there some documentation available on Security ?
>
> No, not yet, mainly because I'd like to rewrite Admin>Security part 
> before.
>
> Just FYI: this part is actually one of the first Aida web apps back from
> 1996, so you can have a clue how things got started :)
>
>> I added the following to my site:
>>  (AIDASite named: 'SKH') urlResolver defaultURL: '/security.html'
>> forObject: WebSecurityManager new.
>
> I would not recommend to make another security manager, because there is
> already one, accessible directly as anAIDASite securityManager and this
> one is actually used by Aida while yours is not.
>
>> I now can add groups and users but cannot remove groups. Are there some
>> rules for users and groups like Administrators, AllUsers, Guest ?
>
> I see, group removing through web UI is currently broken, but you can
> remove it manually through inspector for now. I'll patch this soon.
>
> User Guest is special because every user is Guest until he logs in. And
> become again Guest when logout.
>
> Group Administrators is also special because users in that group have
> kind of "root" privileges - they can do everything
>
> Group AllUsers is another special one, because all users are members of
> that group by default.
>
> Group Registered Users holds users who went successfully through a
> complete registration process to that group.
>
> To set up access rights, you should:
>
> - for public access, set access rights to group AllUsers
> - for access to all guest users, set user Guest
> - for access to all logged-in users, set group Registered Users
> - to limit access even more you can set rights to each individual user
> or add your own groups at set rights to them
>
> Access rights can be set for every WebApplication subclass (that is your
> App class) and for its every view and action (update).
>
>
> I hope that helps a bit.
>
> Best regards
> Janko
>
>
>
>> Dirk
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Aida mailing list
>> Aida op aidaweb.si
>> http://lists.aidaweb.si/mailman/listinfo/aida
>
> -- 
> Janko Mivšek
> AIDA/Web
> Smalltalk Web Application Server
> http://www.aidaweb.si
> _______________________________________________
> Aida mailing list
> Aida op aidaweb.si
> http://lists.aidaweb.si/mailman/listinfo/aida
> 



More information about the Aida mailing list