dirk at verleysen.net
Tue Oct 9 10:18:09 CEST 2007
I'm starting to understand it, but how do you save your security settings?
----- Original Message -----
From: "Janko Mivšek" <janko.mivsek op eranova.si>
To: "AIDA/Web general discussion list" <aida op aidaweb.si>
Sent: Monday, October 08, 2007 10:16 PM
Subject: Re: [aida] Security
> Hi Dirk,
> I just came from the mountains, so the answer is a bit late :)
> And by the way, what an impressive web site you are building, not to
> mention how feature rich is already. Good work!
> Dirk Verleysen wrote:
>> Is there some documentation available on Security ?
> No, not yet, mainly because I'd like to rewrite Admin>Security part
> Just FYI: this part is actually one of the first Aida web apps back from
> 1996, so you can have a clue how things got started :)
>> I added the following to my site:
>> (AIDASite named: 'SKH') urlResolver defaultURL: '/security.html'
>> forObject: WebSecurityManager new.
> I would not recommend to make another security manager, because there is
> already one, accessible directly as anAIDASite securityManager and this
> one is actually used by Aida while yours is not.
>> I now can add groups and users but cannot remove groups. Are there some
>> rules for users and groups like Administrators, AllUsers, Guest ?
> I see, group removing through web UI is currently broken, but you can
> remove it manually through inspector for now. I'll patch this soon.
> User Guest is special because every user is Guest until he logs in. And
> become again Guest when logout.
> Group Administrators is also special because users in that group have
> kind of "root" privileges - they can do everything
> Group AllUsers is another special one, because all users are members of
> that group by default.
> Group Registered Users holds users who went successfully through a
> complete registration process to that group.
> To set up access rights, you should:
> - for public access, set access rights to group AllUsers
> - for access to all guest users, set user Guest
> - for access to all logged-in users, set group Registered Users
> - to limit access even more you can set rights to each individual user
> or add your own groups at set rights to them
> Access rights can be set for every WebApplication subclass (that is your
> App class) and for its every view and action (update).
> I hope that helps a bit.
> Best regards
>> Aida mailing list
>> Aida op aidaweb.si
> Janko Mivšek
> Smalltalk Web Application Server
> Aida mailing list
> Aida op aidaweb.si
More information about the Aida