|
Greetings,
I need some information on how Spectra handles site
security internally. When I select a Site Element (Page or Section) in Site
Security in the Webtop, leave the Methods dropdown set to 'All Methods' and
assign a specific group to the element - no properties of the element
object appear to change (ie: attr_secure, attr_public).
How is security for this object being handled at a
low level? It appears to be creating a policy and rule for the object and
assigning the selected groups/user to it. On the other end, cfa_contentObject
and other object tags must be using cfa_userIsAuthorized to verify proper
permissions on Objects and methods.
Are there any documents/examples that outline
conventions used to create these policies within Spectra. I'd like to create
policies via custom interfaces as well as programatically and want to create
these in such a way that they mesh well within the Spectra
framework.
What I need ideally is a security system that
includes flagging the secured site element object for display purposes as well
as generating a policy that, at this point, would controls access All
Methods for the object (I don't need to break this out per
method).
Has anyone out there ventured in to the cfa
tags used for controlling policies (I've only used the user and group
creation and managment tags so far) -
any pitfalls or caveats to watch out for?
Thanks!
Seth
|
