Differences

This shows you the differences between two versions of the page.

--- pracro:acl [2011/04/11 09:52] – deva
+++ pracro:acl [2011/04/13 14:33] – deva
@@ Line 1: / Line 1: @@
 ======ACL======
+=====Server=====
+====Design1====
+Templates contain ACLs. The users and roles are defined in a config file.\\
 Template:
 <code xml>
 <?xml version='1.0' encoding='UTF-8'?>
-<template name="ref_forunders" version="1.0" title="Refraktiv kirurgi forundersøgelse">
+<template name="ref_forunders" version="1.0" title="Refraktiv kirurgi forundersøgelse" restrict="employee">
-  <acls>
-    <acl action="commit" entity="nurse/>
-    <acl action="commit" entity="br"/>
-  </acls>
   <macro name="header" static="true"/>
-  <macro name="henvisning" aclread="all" aclwrite="all"/>
+  <macro name="henvisning"/>
   <header caption="Anamnese"/>
-  <macro name="allergier" requires="henvisning">
+  <macro name="allergier" requires="henvisning" restrict="doctor"/>
-    <restrictions>
+  <macro name="medicin" requires="henvisning" compact="true" restrict="doctor, nurse"/>
-      <restrict action="read" role="all"/>
+  <macro name="alment" requires="henvisning"/>
-      <restrict action="write" role="doctor"/>
-    </restrictions>
-  </macro>
-  <macro name="medicin" requires="henvisning" compact="true" aclread="all" aclwrite="doctor,nurse,br"/>
-  <macro name="alment" requires="henvisning" aclread="doctor" aclwrite="none"/>
 </template>
 </code>
-aclXXXXX attributes contain lists of either userids and/or groupids. Currently: 'aclread', 'aclwrite' and 'aclcommit'.
-aclwrite and aclread can be connected with the template and is inherited to all the contained macros.
 Users and Groups:
@@ Line 31: / Line 21: @@
 # some config file in libconfig++ format
 roles = (
-          {id="doctor", contains=("nurse", "optician")},
+          {id="doctor"},
-          {id="nurse", contains=("employee")},
+          {id="nurse"},
-          {id="optician", contains=("employee")},
+          {id="optician"},
-          {id="employee", contains=()}
+          {id="employee"}
         );
 users = (
-          {id="akf"; name="Anne Kaufmann Frederiksen"; roles=("doctor")},
+          {id="akf"; name="Anne Kaufmann Frederiksen"; roles=("doctor", "nurse","employee)},
-          {id="ua"; name="Ulla Andersen"; roles=("nurse")},
+          {id="ua"; name="Ulla Andersen"; roles=("nurse", "employee")},
-          {id="jbo"; name="Jens Børge Olfgård"; roles=("optician")}
+          {id="jbo"; name="Jens Børge Olfgård"; roles=("optician", "employee")},
+          {id="vis"; name="Visitor"; roles=()}
         );
 </code>
+====Design2====
+No changes to template. ACLs are defined in config file, with 'realms' being templates and macros.\\
+ACL file:
+<code>Syntax: template | :macro | template:macro action { rolelist }</code>
+<code>
+ref_forunders write {"doctor"}
+:henvisning write {"nurse", "doctor"}
+ref_forunders:allergier write {"doctor"}
+</code>
+Users and roles can be defined as in //Design1//.
+=====Client=====
+The data received on the client must indicate what features that is to be enabled for the current user, without the client having to make an explicit user lookup.
+Example:
+<code>
+<?xml version='1.0' encoding='UTF-8'?>
+<template name="ref_forunders" version="1.0" title="Refraktiv kirurgi forundersøgelse"
+          features="nocommit">
+  <macro name="header" static="true"/>
+  <macro name="henvisning" restricted="true"/>
+  <macro name="allergier"/>
+</template>
+</code>
+Making the commit button disabled or invisible and the 'henvisning' disabled/locked.