## -*- mode: html; coding: utf-8; -*- ## This file is part of Invenio. ## Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008 CERN. ## ## Invenio is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## Invenio is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with Invenio; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
Explanation of the WebAccess table structure and how to create authorizations. -- accROLE -- roles are collections of authorizations within specified areas. these should have a clear connection, for example within a module or for a special type of person, e.g a library administator. id - specify the id of the role name - unique name for the role description - describe the authorization tasks the role will cover firerole_def_ser - precompiled serialized firewall like role definition (firerole) firerole_def_src - definition text source for repairing after Python upgrades -- user_accROLE -- give users access to the authorizations/actions provided by the given role. id_user - id of user in the database, usually just the CFG_SITE_SUPPORT_EMAIL and/or CFG_SITE_ADMIN_EMAIL id_accROLE - id of role from accROLE -- accACTION -- the actions specify what information is needed to create an authorization. an action can take any number of arguments, and you also have the possibility to make these arguments optional. id - specify the id of the action name - unique name for the action description - describe authorization area allowedkeywords - the keywords for the wanted arguments optional - enum to define wether arguments can be optional value: ['yes', 'no'] 'no' - action without arguments or not optional arguments 'yes' - only actions with arguments -- accARGUMENT -- arguments for the authorizations. one entry might be shared by several authorizations, so it is important to not change these but simply add new ones when a change is needed. id - id of the argument keyword - the one listed in an action's allowedkeywords value - the value connected to the keyword in an keyword=value argument pair -- accROLE_accACTION_accARGUMENT -- ternary connection to create authorizations. when an authorization has more than one argument they need to be connected somehow. the same id for role, action and argumentlist does this. there must be at least as many entries as allowedkeywords for the action. with more entries all authorizations are found using a cross product. id_accARGUMENT and argumentlistid are both set to 0 when the action have no arguments. with optional arguments they are both set to -1. id_accROLE - reference to argument in table accROLE id_accACTION - reference to argument in table accACTION id_accARGUMENT - reference to argument in table accARGUMENT argumentlistid - glue to bind entries into authorizations.