
Project Security

Starting from EmForge-0.20, we began in-depth work on security. The first part implemented covers security and roles for Projects and Milestones.

Initially I planned to use Authorization Services from Acegi Security, but... it seems too hard for me for now. So it was done another way:

Project Service Implementation

A new bean was created: Project Service. Project Service is now responsible for all work with projects throughout the application. Unlike ProjectDAO, Project Service checks authorization for every action: is the current user allowed to perform it or not.

So, while Project DAO is responsible only for correctly storing and retrieving project-related information, Project Service is also responsible for security. From now on, the whole application will use only the ProjectService bean for working with projects.

Project Service has 2 sets of functions. The first set is the action functions themselves: these perform an action, such as saving or deleting a project, or retrieve some information. These methods throw AuthorizationException if the current user is not allowed to perform the action. The second set is the "can" functions: these check whether the current user is allowed to perform some action and return true or false (so these methods can be used in the GUI to enable or disable functionality).

Project Roles

Currently a project has the following predefined roles:
  • Manager - manager of the project; can usually do everything except remove the project
  • Developer - developer in the project; has access to information in the project, but is not allowed to change project settings
  • User - has access to the project, but is not allowed to change anything

Project Security Matrix

The following table lists the actions and who is allowed to perform them:

| Action | Allowed for |
|---|---|
| getProject | everyone (later, for private projects, it will be allowed only for project members) |
| createProject | site admins only (currently not implemented) |
| changeProject | site admins (not implemented yet) and project managers |
| deleteProject | site admins (not implemented yet) |
| getMilestone | everyone (later, for private projects, it will be allowed only for project members) |
| createMilestone | site admins (not implemented yet) and project managers |
| changeMilestone | site admins (not implemented yet) and project managers |
| deleteMilestone | site admins (not implemented yet) and project managers |
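
The pairing of action functions and "can" functions described under Project Service Implementation, applied to the changeProject and deleteProject rows of the matrix, as an added Java sketch that is not EmForge's own code. All method signatures, passing the user as an argument (the page's service checks the current user), the in-memory DAO and the empty site-admin set are assumptions made for illustration.

```java
import java.util.*;

// Added sketch. From the page: ProjectService, ProjectDAO, AuthorizationException, role and
// action names. Assumed: all signatures, the explicit user argument, the site-admin set.
public class ProjectSecuritySketch {
    enum Role { MANAGER, DEVELOPER, USER }

    static class AuthorizationException extends RuntimeException {
        AuthorizationException(String msg) { super(msg); }
    }
    // Stand-in for ProjectDAO: storage only, no security decisions.
    static class ProjectDAO {
        final Map<String, String> projects = new HashMap<>();
    }

    static class ProjectService {
        final ProjectDAO dao = new ProjectDAO();
        final Map<String, Map<String, Role>> members = new HashMap<>(); // project -> user -> role
        final Set<String> siteAdmins = new HashSet<>(); // left empty: not implemented on the page

        // "can" functions: side-effect-free checks the GUI can use to enable or disable controls.
        boolean canChangeProject(String user, String project) {
            Role r = members.getOrDefault(project, Map.of()).get(user);
            return siteAdmins.contains(user) || r == Role.MANAGER;
        }
        boolean canDeleteProject(String user, String project) {
            return siteAdmins.contains(user); // matrix: managers cannot delete the project
        }

        // Action functions: repeat the check on every call, then delegate to the DAO.
        void changeProject(String user, String project, String description) {
            if (!canChangeProject(user, project))
                throw new AuthorizationException(user + " may not change " + project);
            dao.projects.put(project, description);
        }
        void deleteProject(String user, String project) {
            if (!canDeleteProject(user, project))
                throw new AuthorizationException(user + " may not delete " + project);
            dao.projects.remove(project);
        }
    }

    public static void main(String[] args) {
        ProjectService svc = new ProjectService(); // constructed sample data below
        svc.members.put("demo", Map.of("alice", Role.MANAGER, "bob", Role.DEVELOPER));
        svc.changeProject("alice", "demo", "new description"); // manager: allowed
        try { svc.deleteProject("alice", "demo"); }            // manager: rejected by the matrix
        catch (AuthorizationException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

Because each action function calls its own "can" check, a caller that skips the GUI and invokes the service directly is still rejected; the GUI check only decides what to show.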

Last Modified by akakunin 1 year ago