incubator-photark-dev mailing list archives

From Avdhesh Yadav <...@avdheshyadav.com>
Subject Re: Photark Authorization using Role Based Access Control
Date Thu, 24 Jun 2010 16:53:48 GMT
I agree with this approach.

+1


On Fri, Jun 18, 2010 at 9:03 PM, Suhothayan Sriskandarajah <
suhothayan@gmail.com> wrote:

> I believe the authentication is now stable in Photark.
> I'm now going to start working on implementing a simple "Role Based
> Access Control" next, and
> here is the initial approach I have in mind...
>
> I thought of creating some well defined mutually exclusive roles
> 1. Super admin Role      : has only 1 user (the one who logs in via
> FORM authentication)
> 2. Registered user Role
> 3. Unregistered user Role : the users who are not logged in.
> 4. Blocked user Role
>
> And there will be other normal roles which are kind of groups
> (groupRoles);
> these can be created by users in "Registered user Role" and "Super admin
> Role",
> e.g.
> a RegisteredUser1 in "Registered user Role" can create a groupRole
> called myFriends and add user1, user2 & user3
> and set myFriends groupRole permissions to allow users to add/remove
> images from AlbumA and AlbumB
>
> provided the users user1, user2 & user3 are also in the Registered
> user Role, they can execute the given permissions,
> and only RegisteredUser1 and the Super Admin have the rights to
> view and edit the myFriends Role (its users and permissions)
>
>
> each of these roles will have permissions
> 1. Super admin Role :
> * change users from one role to another (Registered to Blocked and other)
> * view and delete all albums, image, album descriptions of all users
> * create and manage groupRoles
>
> 2. Registered user Role :
> * can create an album
> * can delete his albums, edit album description and add/remove images
> from his album
> * create and manage groupRoles (add/remove users to it and change
> permissions); he can manage only groupRoles he created
>
> 3. Unregistered user Role :
> * view the albums (only giving access to view by Unregistered user
> Role) (public albums)
>
> 4. Blocked user Role :
> * same as Unregistered user Role
>
> the roles are arranged in a hierarchy where
> Super Admin Role (top)
> Group Roles
> Registered user Role
> Unregistered user Role
> Blocked user Role
>
> the basic permissions for now
> *adding images
> *removing images
> *creating albums
> *deleting albums
> *editing album description
>
> I think this model is scalable in future.
> Please do give your thoughts on this and guide me in the correct path
>
> Suho
>



-- 
Avdhesh Yadav
http://www.avdheshyadav.com
http://twitter.com/yadavavdhesh
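The role model in the quoted mail, written out as a runnable authorization check. This is an added example, not Photark's code: the class and method names (AccessControl, Perm, can, can_manage_group, grant, change_role), the VIEW_ALBUM permission name and the rule that a group creator may only delegate rights he himself holds on an album are my assumptions. It goes slightly beyond the mail in two places the mail leaves open: a Blocked user who is still listed in a groupRole is refused before group grants are consulted (so blocking a user really removes his access), and a groupRole cannot be used to reach an album its creator does not own.

```python
from dataclasses import dataclass, field
from enum import Enum

class Role(Enum):
    SUPER_ADMIN = "super_admin"    # exactly one user
    REGISTERED = "registered"
    UNREGISTERED = "unregistered"  # not logged in
    BLOCKED = "blocked"            # same rights as Unregistered

class Perm(Enum):
    ADD_IMAGE = "add_image"
    REMOVE_IMAGE = "remove_image"
    DELETE_ALBUM = "delete_album"
    EDIT_DESCRIPTION = "edit_description"
    VIEW_ALBUM = "view_album"      # assumed name for "view the albums"

@dataclass
class Album:
    owner: str
    public: bool = True

@dataclass
class GroupRole:
    creator: str
    members: set = field(default_factory=set)
    grants: dict = field(default_factory=dict)   # album name -> set of Perm

class AccessControl:
    def __init__(self):
        self.roles = {}    # user -> Role; users absent here are anonymous
        self.albums = {}   # album name -> Album
        self.groups = {}   # groupRole name -> GroupRole

    def role_of(self, user):
        return self.roles.get(user, Role.UNREGISTERED)

    def can(self, user, perm, album_name):
        album = self.albums.get(album_name)
        if album is None:
            return False
        role = self.role_of(user)
        if role is Role.SUPER_ADMIN:
            return True   # may view and delete everything
        if role in (Role.UNREGISTERED, Role.BLOCKED):
            return perm is Perm.VIEW_ALBUM and album.public
        if album.owner == user or (perm is Perm.VIEW_ALBUM and album.public):
            return True   # Registered: own albums fully, public ones read-only
        # Group-role grants only count for a Registered user; a Blocked member was refused above.
        return any(user in g.members and perm in g.grants.get(album_name, set())
                   for g in self.groups.values())

    def can_manage_group(self, user, group_name):
        g = self.groups.get(group_name)
        role = self.role_of(user)
        return g is not None and (role is Role.SUPER_ADMIN or
                                  (role is Role.REGISTERED and g.creator == user))

    def create_group(self, user, name):
        if name in self.groups or self.role_of(user) not in (Role.SUPER_ADMIN, Role.REGISTERED):
            return False
        self.groups[name] = GroupRole(creator=user)
        return True

    def add_member(self, actor, group_name, member):
        if not self.can_manage_group(actor, group_name):
            return False
        self.groups[group_name].members.add(member)
        return True

    def grant(self, actor, group_name, album_name, perms):
        # Assumption: a creator may only delegate rights he holds himself on that album.
        if not self.can_manage_group(actor, group_name):
            return False
        if not all(self.can(actor, p, album_name) for p in perms):
            return False
        self.groups[group_name].grants.setdefault(album_name, set()).update(perms)
        return True

    def change_role(self, actor, target, new_role):
        # Only the Super admin moves users between roles; the single Super admin is never reassigned (assumption).
        if self.role_of(actor) is not Role.SUPER_ADMIN:
            return False
        if self.roles.get(target) is Role.SUPER_ADMIN or new_role is Role.SUPER_ADMIN:
            return False
        self.roles[target] = new_role
        return True

def build_example():
    # Constructed scenario from the mail: myFriends gets add/remove on AlbumA and AlbumB.
    ac = AccessControl()
    ac.roles.update({"admin": Role.SUPER_ADMIN, "RegisteredUser1": Role.REGISTERED,
                     "user1": Role.REGISTERED, "user2": Role.REGISTERED, "user3": Role.BLOCKED})
    ac.albums["AlbumA"] = Album("RegisteredUser1", public=True)
    ac.albums["AlbumB"] = Album("RegisteredUser1", public=False)
    ac.create_group("RegisteredUser1", "myFriends")
    for u in ("user1", "user2", "user3"):
        ac.add_member("RegisteredUser1", "myFriends", u)
    for a in ("AlbumA", "AlbumB"):
        ac.grant("RegisteredUser1", "myFriends", a, {Perm.ADD_IMAGE, Perm.REMOVE_IMAGE})
    return ac
```

The check in `can` is deliberately walked top-down through the hierarchy from the mail (Super admin, then the two no-login roles, then Registered, then groupRoles), so a user's system role always decides before any group membership is consulted; album creation is a role check (Registered or Super admin) rather than an album-scoped permission and is not modelled here.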
