Changes between Version 3 and Version 4 of access_control


Ignore:
Timestamp:
2012-02-18T00:20:20Z (13 years ago)
Author:
Pan Luo
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • access_control

    v3 v4  
    77=== User ===
    88
    9 * A user have different role(s) in the system.
     9* A user have at least one role in the system.
    1010* A user may have more than one role. (e.g. a person can be a TA and student)
    11 
    1211
    1312=== Role ===
     
    3736
    3837==== !Controller/Action Permission ====
    39 This type of permission controls if a role has access to a specific controller/action pair, E.g., Admin has access to /user/add or Student is denied from /usr/delete.
     38This type of permission controls if a role has access to a specific controller/action pair, E.g., Admin has access to /user/add or Student is denied from /user/delete.
    4039
    4140==== Functional Permission ====
    42 This type of permission controls if a role has access to a specific iPeer function. E.g. Admin can add instructors or instructor is not allow to add admin.
     41This type of permission controls if a role has access to a specific iPeer function. E.g. Admin can add instructors or instructor is not allow to add admin. Here is an example of the permission: function/user/admin/add
     42
     43=== !Organization/Faculty ===
     44There is another level of access control in iPeer. Consider an admin at the faculty level should have access to all resources to his/her faculty, but not for other faculties.
     45
     46Some facts for organization/faculty:
     47* There is a default faculty for the implementations that don't need this kind of level control.
     48* A user can belongs to multiple faculties.
     49* Faculty information lives in a separate table called faculty.
     50* For the simplicity, faculty is a flat table. There is no hierarchy for faculty.