On Thu, Jun 24, 2010 at 9:53 AM, Avdhesh Yadav <[email protected]> wrote:
> I agree with this approach.
>
> +1
>
>
> On Fri, Jun 18, 2010 at 9:03 PM, Suhothayan Sriskandarajah <
> [email protected]> wrote:
>
>> I believe the authentication is now stable in Photark.
>> I'm now going to start working on implementing a simple "Role Based
>> Access Control" next, and
>> here is the initial approach I have in mind...
>>
>> I thought of creating some well-defined, mutually exclusive roles:
>> 1. Super admin Role : has only 1 user (the one who logs in from
>>    FORM authentication)
>> 2. Registered user Role
>> 3. Unregistered user Role : the users who are not logged in.
>> 4. Blocked user Role
>>
>> And there will be other normal roles which are kind of groups
>> (groupRoles);
>> these can be created by users in "Registered user Role" and "Super admin
>> Role"
>> for e.g.
>> a RegisteredUser1 in "Registered user Role" can create a groupRole
>> called myFriends and add user1, user2 & user3
>> and set myFriends groupRole permissions to allow users to add/remove
>> images from AlbumA and AlbumB
>>
>> provided the users user1, user2 & user3 are also in the Registered
>> user Role they can execute the given permissions
>> and only the RegisteredUser1 and the Super Admin have the rights to
>> view and edit the myFriends Role (its users and permissions)
>>
>>
>> each of these roles will have permissions
>> 1. Super admin Role :
>>    * change users from one role to another (Registered to Blocked and other)
>>    * view and delete all albums, images, album descriptions of all users
>>    * create and manage groupRoles
>>
>> 2. Registered user Role :
>>    * can create an album
>>    * can delete his albums, edit album description and add/remove images
>>      from his album
>>    * create and manage groupRoles (add/remove users to it and change
>>      permissions), he can manage only groupRoles he created
>>
>> 3. Unregistered user Role :
>>    * view the albums (only giving access to view by Unregistered user
>>      Role) (public albums)
>>
>> 4. Blocked user Role :
>>    * same as Unregistered user Role
>>
>> the roles are arranged in a hierarchy where
>>    Super Admin Role (top)
>>    Group Roles
>>    Registered user Role
>>    Unregistered user Role
>>    Blocked user Role
>>
>> the basic permissions for now
>>    * adding images
>>    * removing images
>>    * creating albums
>>    * deleting albums
>>    * editing album description
>>
>> I think this model is scalable in future.
>> Please do give your thoughts on this and guide me in the correct path
>>
>> Suho
>>
>
>
>
How are roles configured? How are roles enforced?

--
Luciano Resende
http://people.apache.org/~lresende
http://twitter.com/lresende1975
http://lresende.blogspot.com/
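
The role model proposed in the quoted message, sketched as a default-deny permission check (an added example, not part of this thread and not PhotArk's code). All identifiers are hypothetical; the super admin's permission set is one reading of the proposal, and `user3` is marked blocked in the constructed data to show that groupRole membership alone grants nothing.

```python
from dataclasses import dataclass, field

# Hypothetical identifiers for the four mutually exclusive base roles.
SUPER_ADMIN, REGISTERED, UNREGISTERED, BLOCKED = "super_admin", "registered", "unregistered", "blocked"
# Album-scoped permissions: the proposal's basic list (minus album creation) plus "view".
ALBUM_PERMS = {"view", "add_image", "remove_image", "delete_album", "edit_description"}

@dataclass
class Album:
    owner: str
    public: bool = False

@dataclass
class GroupRole:
    creator: str
    members: set = field(default_factory=set)
    grants: dict = field(default_factory=dict)  # album name -> set of permissions

class AccessControl:
    def __init__(self):
        self.base_role = {}  # user -> base role; anyone not listed is unregistered
        self.albums, self.groups = {}, {}  # name -> Album, name -> GroupRole

    def is_allowed(self, user, permission, album_name):
        album = self.albums.get(album_name)
        if album is None or permission not in ALBUM_PERMS:
            return False  # default deny: unknown album or unknown permission
        role = self.base_role.get(user, UNREGISTERED)
        if role == SUPER_ADMIN:  # assumed reading of "view and delete all albums, images"
            return permission in {"view", "remove_image", "delete_album"}
        if role != REGISTERED:  # unregistered and blocked: public albums, view only
            return permission == "view" and album.public
        if album.owner == user or (permission == "view" and album.public):
            return True
        # groupRole grants apply only because the member is also a registered user.
        return any(user in g.members and permission in g.grants.get(album_name, ())
                   for g in self.groups.values())

    def can_manage_group(self, user, group_name):
        group = self.groups.get(group_name)
        role = self.base_role.get(user, UNREGISTERED)
        return group is not None and (role == SUPER_ADMIN or (role == REGISTERED and group.creator == user))

def build_example():
    # Constructed sample data following the myFriends example; user3 is blocked here.
    ac = AccessControl()
    ac.base_role.update(admin=SUPER_ADMIN, RegisteredUser1=REGISTERED, user1=REGISTERED, user3=BLOCKED)
    ac.albums.update(AlbumA=Album("RegisteredUser1"), AlbumB=Album("RegisteredUser1", public=True))
    shared = {"add_image", "remove_image"}
    ac.groups["myFriends"] = GroupRole("RegisteredUser1", {"user1", "user3"}, {"AlbumA": shared, "AlbumB": shared})
    return ac
```

Checking the base role before any groupRole grant is what keeps a blocked account from retaining access through groups it was added to earlier.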
