Kevin,

>It really needs to be more like a
>"Web Operating System" with hierarchical user administration (add users,
>delete users, modify users, create groups, etc with roles being like
>"Administrator/root", "User Manager", etc).

I like this idea.  So I added some permissions to the default MySQL script
(see diff below).  With these default permissions a user can login as
turbine root and manage users.
This should be generic enough for the turbine root to start creating other
roles/groups and permissions.  I also set it up so that the default screen
will check for the proper permission and will show the link to the admin
main screen if (and only if) you have the proper role (default:
turbine_root).  Currently though, the only way to
absolutely keep someone out of the admin screens and actions is to put a
"security check" into each screen and action.  Although this works, it seems
kind of redundant.  The only other way around this (that I currently see)
would be to create an admin "page". Is this something we would want to do?

The admin main screen is set up something like this:
    Users
        - Add
        - Find
        - Edit
        - List

    Groups
        - Add
        - Find
        - Edit
        - List

    Permissions
        - Add
        - Find
        - Edit
        - List

I'm kinda modeling it after how the Netscape Enterprise Web server
Admin interface is set up for managing Users/Groups and ACLs.

I've also added an admin subdirectory under the layout and navigation main
directories to keep all the admin stuff separate.

I think I'm ready to start adding some of this stuff to the CVS.  Please let
me know how I can get this stuff out to you guys.

Here's the diff on the MySQL script (I don't have access to Oracle).
Please give me your comments on this.

Index: MySQL_users_roles_permissions.sql
===================================================================
RCS file:
/products/cvs/turbine/turbine/docs/MySQL_users_roles_permissions.sql,v
retrieving revision 1.6
diff -r1.6 MySQL_users_roles_permissions.sql
24a25,31
> insert into Permission (PERMISSION) values ("add_user");
> insert into Permission (PERMISSION) values ("modify_user");
> insert into Permission (PERMISSION) values ("add_group");
> insert into Permission (PERMISSION) values ("modify_group");
> insert into Permission (PERMISSION) values ("add_permission");
> insert into Permission (PERMISSION) values ("modify_permission");
>
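Review bot: the string literals in these six Permission inserts are double-quoted ("add_user") while every later hunk single-quotes the same values ('add_user'); double quotes around strings are a MySQL convenience, and since the message notes the Oracle script could not be tested, the single-quoted form of the later hunks is the portable one, e.g. `insert into Permission (PERMISSION) values ('add_user');`. A one-line comment at the top of the block saying these are the admin-screen permissions would also help, since only add_*/modify_* pairs are defined here while the admin menu described above also has Find and List screens.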
34a42,43
> insert into UserRole (ROLENAME) values ("turbine_root");
>
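Review bot: turbine_root is referenced by name in every statement that follows, and an insert ... select whose ROLENAME literal does not match any row inserts nothing without raising an error, so a short comment here stating that turbine_root is the bootstrap administrator role and that the grants below depend on this exact literal would protect whoever edits the script next.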
45a55,61
> insert into RolePermission (ROLEID,PERMISSIONID) select UserRole.ROLEID,
Permission.PERMISSIONID from UserRole, Permission where
Permission.PERMISSION = 'add_user' and  UserRole.ROLENAME = 'turbine_root';
> insert into RolePermission (ROLEID,PERMISSIONID) select UserRole.ROLEID,
Permission.PERMISSIONID from UserRole, Permission where
Permission.PERMISSION = 'modify_user' and  UserRole.ROLENAME =
'turbine_root';
> insert into RolePermission (ROLEID,PERMISSIONID) select UserRole.ROLEID,
Permission.PERMISSIONID from UserRole, Permission where
Permission.PERMISSION = 'add_group' and  UserRole.ROLENAME = 'turbine_root';
> insert into RolePermission (ROLEID,PERMISSIONID) select UserRole.ROLEID,
Permission.PERMISSIONID from UserRole, Permission where
Permission.PERMISSION = 'modify_group' and  UserRole.ROLENAME =
'turbine_root';
> insert into RolePermission (ROLEID,PERMISSIONID) select UserRole.ROLEID,
Permission.PERMISSIONID from UserRole, Permission where
Permission.PERMISSION = 'add_permission' and  UserRole.ROLENAME =
'turbine_root';
> insert into RolePermission (ROLEID,PERMISSIONID) select UserRole.ROLEID,
Permission.PERMISSIONID from UserRole, Permission where
Permission.PERMISSION = 'modify_permission' and  UserRole.ROLENAME =
'turbine_root';
>
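Review bot: each of these six insert ... select statements silently inserts zero rows if its PERMISSION or ROLENAME literal does not match (an empty select is not an error), so a failed grant would only surface when the admin link never appears; a single statement with `Permission.PERMISSION in ('add_user', 'modify_user', ...)` and `UserRole.ROLENAME = 'turbine_root'` would remove the repetition, and a trailing `select count(*)` on RolePermission for turbine_root, expected to return 6, would let the script's own output show whether every grant took. Style: the stray double spaces in `and  UserRole.ROLENAME` in each statement.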
85a102,103
>
> insert into VisitorRole ( VISITORID, ROLEID ) select Visitor.VISITORID,
UserRole.RoleID from Visitor, UserRole where Visitor.loginid = 'turbine' AND
UserRole.rolename = 'turbine_root';
\ No newline at end of file
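Review bot: this statement assumes a Visitor row with loginid 'turbine' already exists earlier in the script; if that row is missing or the login differs, the insert ... select adds nothing with no error and the shipped install has no administrator at all, so the dependency deserves a comment (or a count check after it). The column references mix cases (`UserRole.RoleID`, `UserRole.rolename`, `Visitor.loginid`) against the upper-case ROLEID/ROLENAME used in the earlier hunks; MySQL ignores the difference but consistent case reads better and ports more safely. Also add the trailing newline flagged by `\ No newline at end of file`.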

Dave
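The per-screen "security check" discussed above, resolved against the tables this diff populates, as an added example that is not part of the original post or of Turbine's own code. The DDL, the sqlite3 stand-in, the `build_db`/`has_permission` names and the sample 'guest' login are assumptions; it also grants all six permissions to turbine_root in one statement where the diff uses six.

```python
import sqlite3

# Stand-in for the tables the diff inserts into: column names come from the
# diff, types and the Visitor layout are assumptions for this example.
SCHEMA = """
CREATE TABLE Permission (PERMISSIONID INTEGER PRIMARY KEY, PERMISSION TEXT UNIQUE);
CREATE TABLE UserRole (ROLEID INTEGER PRIMARY KEY, ROLENAME TEXT UNIQUE);
CREATE TABLE RolePermission (ROLEID INTEGER, PERMISSIONID INTEGER, PRIMARY KEY (ROLEID, PERMISSIONID));
CREATE TABLE Visitor (VISITORID INTEGER PRIMARY KEY, LOGINID TEXT UNIQUE);
CREATE TABLE VisitorRole (VISITORID INTEGER, ROLEID INTEGER, PRIMARY KEY (VISITORID, ROLEID));
"""
ADMIN_PERMISSIONS = ["add_user", "modify_user", "add_group",
                     "modify_group", "add_permission", "modify_permission"]

def build_db():
    """Load the diff's rows into an in-memory database plus two constructed
    sample logins: 'turbine' holds turbine_root, 'guest' holds no role."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO Permission (PERMISSION) VALUES (?)",
                     [(p,) for p in ADMIN_PERMISSIONS])
    conn.execute("INSERT INTO UserRole (ROLENAME) VALUES ('turbine_root')")
    # One statement grants every admin permission to the role (the diff uses
    # six separate insert ... select statements for the same result).
    conn.execute("""INSERT INTO RolePermission (ROLEID, PERMISSIONID)
                    SELECT r.ROLEID, p.PERMISSIONID FROM UserRole r, Permission p
                    WHERE r.ROLENAME = 'turbine_root'""")
    conn.executemany("INSERT INTO Visitor (LOGINID) VALUES (?)",
                     [("turbine",), ("guest",)])
    conn.execute("""INSERT INTO VisitorRole (VISITORID, ROLEID)
                    SELECT v.VISITORID, r.ROLEID FROM Visitor v, UserRole r
                    WHERE v.LOGINID = 'turbine' AND r.ROLENAME = 'turbine_root'""")
    return conn

def has_permission(conn, loginid, permission):
    """The per-screen 'security check', default deny: True only if a role held
    by this login carries the permission.  Values are bound parameters, so
    user input never reaches the SQL text."""
    row = conn.execute("""
        SELECT 1 FROM Visitor v
        JOIN VisitorRole vr ON vr.VISITORID = v.VISITORID
        JOIN RolePermission rp ON rp.ROLEID = vr.ROLEID
        JOIN Permission p ON p.PERMISSIONID = rp.PERMISSIONID
        WHERE v.LOGINID = ? AND p.PERMISSION = ? LIMIT 1""",
        (loginid, permission)).fetchone()
    return row is not None
```

A screen or action that calls `has_permission` before rendering gets the same default-deny answer for an unknown login, a login with no role, and a permission name that was never defined.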
