Access rights
Description of the access rights implementation in FreenetIS
The current access rights in FreenetIS are based on PhpGacl. The library itself has been removed, but its system of tables has been kept.
Description of the SQL tables of the PhpGacl library
In PhpGacl everything is built on the objects ACO, ARO and AXO.
'ACO' - objects representing operations
'ARO' - objects (or groups of objects) that want to perform the individual operations (ACO)
'AXO' - objects (or groups of objects) on which the individual ARO want to perform an operation (ACO)
acl
Table defining individual access rules.
It contains columns id, section_value, allow, enabled, return_value, note, updated_date.
id - identifier, important for linking the rule with ACO, ARO and AXO
section_value - the name of the section the rule belongs to
allow - 1 => rule permits the operation, 0 => rule prohibits operation
enabled - 1 => rule is enabled, 0 => rule is disabled
return_value - I do not know yet
note - a comment describing the rule (e.g. Administrators can do everything)
'updated_date' - timestamp of the last update of the rule
acl_sections
Table defining individual sections of the rules.
By default PhpGacl has two sections - System and User. FreenetIS uses only User.
It contains columns id, value, order_value, name and hidden.
id - identifier, more or less useless because rules are assigned to sections by value (value)
value - a short name without spaces, used to assign individual ACLs into sections
order_value - I do not know yet
name - long title, description
hidden - 0 => section is visible, 1 => is hidden
acl_seq
Table whose sole purpose is to remember the current last id of the acl table.
PhpGacl (God knows why) does not use the table's auto increment.
It contains a single column, id.
'id' - latest id in table acl
aco
Table defining the individual ACO objects. In FreenetIS there are ACOs for rendering the menu (section menu) and ACOs for general operations (section freenetis) - view_all, view_own, edit_all, edit_own, delete_all, delete_own, new_all, new_own, confirm_all, confirm_own ... - used 'only' with AXO objects.
It contains columns id, section_value, value, order_value, name and hidden.
id - identifier, unimportant (the link to the acl table uses value, via aco_map)
section_value - section name defined in aco_sections
value - a short name without spaces, used to assign the ACO to a section and to link it with the individual ACL rules in aco_map
order_value - I do not know yet
name - long title, description
hidden - 0 => section is visible, 1 => is hidden
aco_map
Links ACO objects with the individual ACL rules. ACO is the only one of the three (ACO, ARO and AXO) that cannot be clustered into groups, because there is no aco_groups_map table.
Contains columns acl_id, section_value and value.
'acl_id' -
'section_value' -
'value' -
aco_sections
Sections for the individual ACOs. FreenetIS uses only two: menu - for the ACO objects used for rendering the menu, and freenetis - to define the general ACO operations (view, edit, delete and confirmation).
It contains columns id, value, order_value, name and hidden.
id - section identifier (not needed for anything)
value - the name of the section (in our case menu and freenetis)
order_value - I do not know yet
name - description of the section
hidden - 0 => section is visible, 1 => is hidden
aro_groups_map
Assigns ACL rules to individual user groups.
Example:
Create a rule "Candidates for membership and regular members can do XYZ".
This rule will be represented in the "acl" table by a new row with id = 27, in which the value "allow" is stored.
If "regular members" have id = 22 and "candidates for membership" have id = 23, then creating this rule adds two new rows to the aro_groups_map table:
acl_id | group_id
27 | 22
27 | 23
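The example above as runnable code, added here for illustration (it is not FreenetIS or PhpGacl code). Assumptions: the column types, the section value 'user', acl_seq seeded at 26 so that the next id is 27, the ACO freenetis/view_all standing in for "XYZ", the function names, and the default-deny, deny-overrides evaluation in is_allowed.

```python
import sqlite3

# Only columns named on the page are used; the types are assumptions.
SCHEMA = """
CREATE TABLE acl (id INTEGER PRIMARY KEY, section_value TEXT, allow INTEGER,
                  enabled INTEGER, return_value TEXT, note TEXT, updated_date INTEGER);
CREATE TABLE acl_seq (id INTEGER);
CREATE TABLE aco_map (acl_id INTEGER, section_value TEXT, value TEXT);
CREATE TABLE aro_groups_map (acl_id INTEGER, group_id INTEGER);
INSERT INTO acl_seq VALUES (26);  -- constructed: last used acl id
"""

def new_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def add_rule(db, allow, note, acos, group_ids):
    """Create one rule; its id is taken from acl_seq, not from auto increment."""
    with db:  # single transaction: a failure leaves no half-built rule behind
        db.execute("UPDATE acl_seq SET id = id + 1")
        acl_id = db.execute("SELECT id FROM acl_seq").fetchone()[0]
        db.execute("INSERT INTO acl (id, section_value, allow, enabled, note) "
                   "VALUES (?, 'user', ?, 1, ?)", (acl_id, allow, note))
        db.executemany("INSERT INTO aco_map VALUES (?, ?, ?)",
                       [(acl_id, sec, val) for sec, val in acos])
        db.executemany("INSERT INTO aro_groups_map VALUES (?, ?)",
                       [(acl_id, gid) for gid in group_ids])
    return acl_id

def is_allowed(db, group_id, aco_section, aco_value):
    """Default deny; disabled rules are ignored; any matching deny rule wins
    (this tie-break is the example's assumption)."""
    rows = db.execute(
        """SELECT a.allow FROM acl a
           JOIN aco_map m ON m.acl_id = a.id
           JOIN aro_groups_map g ON g.acl_id = a.id
           WHERE a.enabled = 1 AND g.group_id = ?
             AND m.section_value = ? AND m.value = ?""",
        (group_id, aco_section, aco_value)).fetchall()
    return bool(rows) and all(allow == 1 for (allow,) in rows)

if __name__ == "__main__":
    db = new_db()
    rule = add_rule(db, 1, "Candidates and regular members can view",
                    [("freenetis", "view_all")], [22, 23])
    print(rule, db.execute("SELECT * FROM aro_groups_map").fetchall())
    print(is_allowed(db, 22, "freenetis", "view_all"),
          is_allowed(db, 24, "freenetis", "view_all"))
```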
axo_groups_map
Similar to aro_groups_map, but for AXO.