1. Re: jeeez I've understood PN model security !
h2o_polo Apr 17, 2003 6:45 PM (in response to julien1)
Hey cooper can you explain how is this done on a simple example, from core module's permissions. Let's say:
2:200:block:menu:published:youraccount:main:.*
or
2:200:module:youraccount:published:user:(edithome|edituser|chgtheme|logout):.*
This is confusing ...
Thanks,
Alex.
2. Re: jeeez I've understood PN model security !
julien1 Apr 17, 2003 8:38 PM (in response to julien1)
> Hey cooper can you explain how is this done on a
> simple example, from core module's permissions. Let's
> say:
>
> 2:200:block:menu:published:youraccount:main:.*
>
> or
>
> 2:200:module:youraccount:published:user:(edithome|edituser|chgtheme|logout):.*
Let's explain the second rule.
Okay, if you look at the youraccount module you will see this code:
    if (api.secAuthAction(
            "module:youraccount:published",
            moduleMetaData.getName() + ":" + operationMetaData.getName() + ":",
            Constants.SEC_ACCESS_READ))
    {
        // then display an icon + a link
    }
the rule :
"2:200:module:youraccount:published:user:(edithome|edituser|chgtheme|logout):.*"
you have to split it :
2 : group ID
200 : access read
module:youraccount:published : component instance
user:(edithome|edituser|chgtheme|logout):.* : test instance
That means that plain users will be able to display
a link in the youraccount module to the module operations:
user : edithome
user : edituser
user : chgtheme
user : logout
When api.secAuthAction is called
it will say yes for module metadata
user and operation metadata edithome, edituser, chgtheme, logout.
basically the rule
"module:youraccount:published" will match the componentinstance : "module:youraccount:published"
because the strings are the same (but the first must be thought of as a regular expression)
"user:(edithome|edituser|chgtheme|logout):.*" will match all constructed string such as
"user:edithome:" for instance.
I hope it's clear enough.
The best is to check CoreModule security and the class SecurityRule.
Nukes security is quite hard to figure out, but once you've understood it, it's clear. But it's not easy to explain.
Remember: security rules are stupid regular expressions, a-la-unix.
julien
>
> This is confusing ...
>
> Thanks,
> Alex.
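
The rule split described in the reply above, as an added example that is not part of the original posts and is not Nukes' own SecurityRule code. It assumes that the component and the instance are three colon-separated fields each (as in both rules quoted in the thread), that each pattern must match the whole string, and that the rule's level must equal the requested level; `parse_rule`, `is_allowed` and `link_visible` are hypothetical names.

```python
import re
from typing import NamedTuple

# Rules copied from the thread above.
RULES = [
    "2:200:block:menu:published:youraccount:main:.*",
    "2:200:module:youraccount:published:user:(edithome|edituser|chgtheme|logout):.*",
]
SEC_ACCESS_READ = 200  # "200 : access read" in the reply above
COMPONENT = "module:youraccount:published"

class Rule(NamedTuple):
    group: int
    level: int
    component: str  # regex for the component instance
    instance: str   # regex for the test instance

def parse_rule(text: str) -> Rule:
    # Assumption: group, level, then three fields of component; the rest
    # of the string is the instance pattern. A component regex containing
    # ':' inside a field would need a different splitter.
    parts = text.split(":", 5)
    if len(parts) != 6:
        raise ValueError(f"malformed rule: {text!r}")
    group, level, c1, c2, c3, instance = parts
    return Rule(int(group), int(level), ":".join((c1, c2, c3)), instance)

def is_allowed(rules, group, component, instance, level):
    # Assumptions: whole-string matching (fullmatch, not search) and an
    # exact level comparison; the thread does not show how levels order.
    for r in map(parse_rule, rules):
        if (r.group == group and r.level == level
                and re.fullmatch(r.component, component)
                and re.fullmatch(r.instance, instance)):
            return True
    return False

def link_visible(module: str, operation: str, group: int = 2) -> bool:
    # Same string construction as the secAuthAction call in the reply.
    return is_allowed(RULES, group, COMPONENT,
                      f"{module}:{operation}:", SEC_ACCESS_READ)

if __name__ == "__main__":
    for op in ("edithome", "logout", "delete"):
        print(op, link_visible("user", op))
```

When auditing rules like these, check whether the matcher anchors the pattern: with an unanchored search, the second rule would also match a constructed string such as "superuser:logout:".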