On 22/05/12 02:38 -0700, Giedrius Slavinskas wrote:
> > > - Remove the access right from within the CRUD to move it just on
> > >   the rpc calls and run all the code as root.
> > >   This has the advantage to be simple but it is a bad design for
> > >   security principle to run the least possible code as root.
>
> It is a more elegant solution than switching context, but it won't work on
> current cumbersome design of Tryton. The main problem of current
> design is that there is no separation between controller (interface for
> objects dispatch) and model (data structure, application state).

It could be also an advantage. Because of this design, the record rule
can exist. And in some way, it makes the access right very simple, just
CRUD (almost like for unix).

> I see
> some work is made in right direction by implementing Active record
> pattern on models. So now (if I'm not wrong) @classmethod represents
> controller while other methods are used for changing state of Active
> Record instance.

No, indeed the principles are still the same but instead of having an
instance as "controller" it is a class. And "changing state" will still
be done by class methods.

> By having this design we can go further by declaring
> that access rights should never go on model level, its place is in
> controller level. Also we must make sure that dispatched method
> is never called by another dispatched method.

But that's a big issue because the main dispatched methods are CRUD
because we use a thin client that can almost only do that.
Moreover, one method call can do many things like operation on xxx2many
fields, so if we check only the dispatched method we allow any calls on
xxx2many methods.

> > I think limiting security to RPC (I think that implementation will
> > be at the dispatcher level), will be bad for projects which use
> > tryton as a module. They will need to reimplement the same thing
> > over and over.
>
> It's even better. You can use data model without any security and
> integrate them with different security system. Or if you don't want to
> do this, you can use dispatched methods from Tryton itself.

That's really something out of the scope.

-- 
Cédric Krier

B2CK SPRL
Rue de Rotterdam, 4
4000 Liège
Belgium
Tel: +32 472 54 46 59
Email/Jabber: [email protected]
Website: http://www.b2ck.com/
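Added example, not part of the message above and not Tryton's code: a toy model layer showing the point made in the reply that checking access only on the dispatched method lets a nested xxx2many command reach a model the user has no right on, while a check inside the CRUD methods catches it. Every name (`ACCESS`, `STORE`, `dispatch`, `attempt`) and all data are constructed for illustration.

```python
# Toy model layer, NOT Tryton's API: all names and data are hypothetical.
class AccessError(Exception):
    pass

# Constructed access table: (user, model) -> allowed CRUD operations.
ACCESS = {
    ("clerk", "party"): {"read", "write"},
    ("clerk", "address"): {"read"},
}
STORE = {"party": {1: {"name": "ACME", "addresses": []}}, "address": {}}

def check(user, model, op):
    if op not in ACCESS.get((user, model), set()):
        raise AccessError(f"{user} may not {op} {model}")

def create(user, model, values, enforce):
    if enforce:                      # check inside the CRUD method
        check(user, model, "create")
    new_id = len(STORE[model]) + 1
    STORE[model][new_id] = dict(values)
    return new_id

def write(user, model, rec_id, values, enforce):
    if enforce:
        check(user, model, "write")
    record = STORE[model][rec_id]
    for field, value in values.items():
        if field == "addresses":     # one2many: list of ("create", values)
            for action, vals in value:
                if action == "create":
                    record[field].append(create(user, "address", vals, enforce))
        else:
            record[field] = value

def dispatch(user, model, method, *args, model_level_checks):
    """RPC entry point: always checks the right for the dispatched method."""
    check(user, model, method)
    return {"write": write, "create": create}[method](
        user, model, *args, enforce=model_level_checks)

def attempt(model_level_checks):
    """Clerk writes a party with a nested address create; returns the outcome."""
    before = len(STORE["address"])
    try:
        dispatch("clerk", "party", "write", 1,
                 {"addresses": [("create", {"city": "Liege"})]},
                 model_level_checks=model_level_checks)
    except AccessError:
        return "denied"
    return "address created" if len(STORE["address"]) > before else "no-op"
```

`attempt(False)` models the dispatcher-only design and `attempt(True)` the design with checks inside the CRUD methods; a direct `create` on `address` is refused by the dispatcher in both.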
