[MKDoc-dev] MKDoc User Groups: Milestones 1 and 2
Sam Tregar
sam at tregar.com
Mon Jan 24 00:13:01 GMT 2005
Hello all. Things went very smoothly this weekend and I have both
milestones 1 and 2 finished. Attached are two files - a patch and a
new module, MKDoc::Handler::GroupAuthz (I couldn't figure out how to
convince CVS to include it in the patch).
Testing instructions:
- Apply the patch and copy GroupAuthz.pm into MKDoc/Handler.
- Create a new site using install-site.pl as usual. This is needed
to create the new database tables and the new httpd.conf lines.
(I can write an upgrade script to do this if you like, but it may
be fragile since it needs to make changes in the httpd.conf which
might be edited by users.)
- Add some groups in the Grp table. As agreed there is no GUI for
this. Example:
INSERT INTO Grp (Name) VALUES ('Blue Bloods'), ('Peasants');
- Associate the groups with some protected content by adding values
in Document_Grp. There's no GUI for this either. Example:
INSERT INTO Document_Grp (Document_ID, Grp_ID) VALUES (2, 1);
- Add some users and assign them to your groups. You'll find a GUI
for this in the user editor, accessible by the admin user.
- Now try to access the protected documents. Users in the right groups
should get the pages, users not in the groups should get 403
Forbidden pages.
Please commit this work soon, if possible. It's easier for me to
baseline each set of work against an up-to-date CVS checkout.
The next phase of the project is the client-specific customization to
automate group assignment. Do you want me to post this work (and
questions about it) to the public list or is it better to keep it
private?
-sam
-------------- next part --------------
? MKDoc/Handler/GroupAuthz.pm
Index: MKDoc/Site/ConfigWriter/Httpd_Conf.pm
===================================================================
RCS file: /var/spool/cvs/mkd/MKDoc/Site/ConfigWriter/Httpd_Conf.pm,v
retrieving revision 1.1.2.28
diff -u -r1.1.2.28 Httpd_Conf.pm
--- MKDoc/Site/ConfigWriter/Httpd_Conf.pm 29 Sep 2004 15:30:59 -0000 1.1.2.28
+++ MKDoc/Site/ConfigWriter/Httpd_Conf.pm 23 Jan 2005 23:57:41 -0000
@@ -208,6 +208,7 @@
#Editor: vim:syn=apache
<Location />
PerlAuthenHandler MKDoc::Handler::Authenticate
+ PerlAuthzHandler MKDoc::Handler::GroupAuthz
AuthName "Please enter your user credentials"
AuthType Basic
require valid-user
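Review bot: in this `<Location />` block the new `PerlAuthzHandler` sits next to the existing `require valid-user`, while the block added further down uses `require valid-group`. The config does not show which requirement GroupAuthz acts on here, or whether a user who authenticates but belongs to no group is let through on this vhost. A one-line comment in the generated config stating what the handler does for `valid-user` would save the next reader of httpd.conf from having to open GroupAuthz.pm.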
@@ -239,6 +240,16 @@
PerlInitHandler MKDoc::Handler::Initialize
Include $SITE_DIR/httpd/httpd-static.conf
Include $SITE_DIR/httpd/httpd-mkdoc.conf
+
+ <Location />
+ PerlModule MKDoc::Handler::GroupAuthz
+ PerlAuthenHandler MKDoc::Handler::GroupAuthz->null_authen_handler
+ PerlAuthzHandler MKDoc::Handler::GroupAuthz
+ AuthName "Group Authorization"
+ AuthType GroupAuthz
+ require valid-group
+ </Location>
+
</VirtualHost>
<VirtualHost *>
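Review bot: the added `<Location />` block pairs `AuthType GroupAuthz` with `GroupAuthz->null_authen_handler`, which by its name does no authentication, so the config alone does not show how the authz handler learns who the visitor is. Please add a comment to the generated block saying where the identity comes from and confirming that a request with no identity is refused for any document that has Document_Grp rows. Since the block covers `/` and follows the `Include` of httpd-static.conf, it is also worth stating whether static files are meant to go through the group check.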
Index: MKDoc/Site/Deploy/DB/Schema.pm
===================================================================
RCS file: /var/spool/cvs/mkd/MKDoc/Site/Deploy/DB/Schema.pm,v
retrieving revision 1.1.2.6
diff -u -r1.1.2.6 Schema.pm
--- MKDoc/Site/Deploy/DB/Schema.pm 10 Nov 2004 17:41:45 -0000 1.1.2.6
+++ MKDoc/Site/Deploy/DB/Schema.pm 23 Jan 2005 23:57:41 -0000
@@ -364,6 +364,63 @@
fk => { Document => { Document_ID => 'ID' } },
);
+## GRP TABLE - holds user groups. (The table can't be named Group
+## because group is a reserved word in SQL.)
+new lib::sql::Table
+ (
+ name => 'Grp',
+ pk => [ 'ID' ],
+ ai => 1,
+ cols => [
+ { name => 'ID',
+ type => lib::sql::type::Int->new( not_null => 1 ) },
+ { name => 'Name',
+ type => lib::sql::type::Char->new( size => 255 ) },
+ { name => 'Description',
+ type => lib::sql::type::Char->new( size => 255 ) },
+ ]
+ );
+
+## EDITOR GRP TABLE - holds assignments of editors (users) to
+## groups. When a user is assigned to a group she can access
+## documents assigned to that group.
+new lib::sql::Table
+ (
+ name => 'Editor_Grp',
+ pk => [ 'Editor_ID', 'Grp_ID' ],
+ cols => [
+ { name => 'Editor_ID',
+ type => lib::sql::type::Int->new( not_null => 1 ) },
+ { name => 'Grp_ID',
+ type => lib::sql::type::Int->new( not_null => 1 ) },
+ ],
+ fk => {
+ Grp => { Grp_ID => 'ID' },
+ Editor => { Editor_ID => 'ID' },
+ },
+ index => { ReverseGrpEditorIndex => [ 'Grp_ID', 'Editor_ID' ] },
+ );
+
+## DOCUMENT GRP TABLE - holds assignments of documents to groups.
+## When a document is assigned to one or more groups only members of
+## that group can access the document.
+new lib::sql::Table
+ (
+ name => 'Document_Grp',
+ pk => [ 'Document_ID', 'Grp_ID' ],
+ cols => [
+ { name => 'Document_ID',
+ type => lib::sql::type::Int->new( not_null => 1 ) },
+ { name => 'Grp_ID',
+ type => lib::sql::type::Int->new( not_null => 1 ) },
+ ],
+ fk => {
+ Grp => { Grp_ID => 'ID' },
+ Document => { Document_ID => 'ID' },
+ },
+ index => { ReverseGrpDocumentIndex => [ 'Grp_ID', 'Document_ID' ] },
+ );
+
1;
__END__
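Review bot: in the Grp table, `Name` is declared without `not_null => 1` and there is no unique index on it, so a hand-written INSERT (which is how the testing instructions create groups) can add two groups with the same name or a group with no name. The user editor lists groups by Name only, so duplicates would be indistinguishable there. Suggest `not_null => 1` on Name and a unique index if lib::sql::Table supports one. Separately, the Document_Grp comment says "only members of that group" for a document in "one or more groups"; please state whether membership in any one of the groups is enough or all are required.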
Index: flo/plugin/Admin/UserDelete.pm
===================================================================
RCS file: /var/spool/cvs/mkd/flo/plugin/Admin/UserDelete.pm,v
retrieving revision 1.1.2.4
diff -u -r1.1.2.4 UserDelete.pm
--- flo/plugin/Admin/UserDelete.pm 3 Jun 2003 11:41:35 -0000 1.1.2.4
+++ flo/plugin/Admin/UserDelete.pm 23 Jan 2005 23:57:42 -0000
@@ -47,6 +47,11 @@
{
my $self = shift;
my $user_edit = $self->user_edit();
+
+ # clear grp assignments
+ my $editor_group_t = flo::Standard::table ('Editor_Grp');
+ $editor_group_t->delete(Editor_ID => $user_edit->id);
+
$user_edit->delete();
use flo::plugin::Admin::UserList;
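Review bot: the Editor_Grp rows are deleted before `$user_edit->delete()` and neither return value is checked, so a failure in the second call leaves the account in place with all of its group memberships gone. That fails towards less access, which is the right direction, but it would be cleaner to run both in one transaction if the table layer offers it, or at least to check the result of the first delete before continuing.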
Index: flo/plugin/Admin/UserInsert.pm
===================================================================
RCS file: /var/spool/cvs/mkd/flo/plugin/Admin/UserInsert.pm,v
retrieving revision 1.1.2.3
diff -u -r1.1.2.3 UserInsert.pm
--- flo/plugin/Admin/UserInsert.pm 3 Jun 2003 10:04:13 -0000 1.1.2.3
+++ flo/plugin/Admin/UserInsert.pm 23 Jan 2005 23:57:42 -0000
@@ -45,6 +45,7 @@
$self->has_errors() and return $self->http_get();
$self->insert_base_document ($user->id());
+ $self->insert_groups ($user->id());
$self->{ok} = 1;
$cgi->delete ($cgi->param());
@@ -64,6 +65,18 @@
$base_document_t->insert (Editor_ID => $id, Document_ID => $_) for (@base_documents);
}
+# create entries in Editor_Grp for group choices
+sub insert_groups
+{
+ my ($self, $id) = @_;
+ my $cgi = flo::Standard::cgi();
+ my @groups = $cgi->param('groups');
+
+ my $editor_group_t = flo::Standard::table ('Editor_Grp');
+ $editor_group_t->delete(Editor_ID => $id);
+ $editor_group_t->insert(Editor_ID => $id, Grp_ID => $_)
+ for @groups;
+}
sub documents
{
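Review bot: in `insert_groups` the values of `$cgi->param('groups')` go straight into `Grp_ID` with no check that each one is an integer naming an existing Grp row. The schema declares a foreign key to Grp, but whether the database enforces it is not visible here, and a repeated value in the submission would collide with the (Editor_ID, Grp_ID) primary key partway through the loop, after the old rows are already deleted. Suggest reducing `@groups` to unique numeric IDs that appear in Grp before the delete. The `delete` is also unnecessary for a user that was just created.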
@@ -78,6 +91,18 @@
return wantarray ? @res : \@res;
}
+# return list of available groups for template
+sub groups {
+ my $self = shift;
+ my $document_t = flo::Standard::table ('Grp');
+ my @res = $document_t->select (
+ cols => ['ID', 'Name' ],
+ sort => [ 'Name' ],
+ desc => 0,
+ )->fetch_all();
+
+ return wantarray ? @res : \@res;
+}
sub is_selected
{
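Review bot: in `groups` the handle for the Grp table is named `$document_t`, which looks like a leftover from copying `documents`. Suggest `$grp_t`, matching the name used for the Editor_Grp handle in `is_group_selected`.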
Index: flo/plugin/Admin/UserModify.pm
===================================================================
RCS file: /var/spool/cvs/mkd/flo/plugin/Admin/UserModify.pm,v
retrieving revision 1.1.2.5
diff -u -r1.1.2.5 UserModify.pm
--- flo/plugin/Admin/UserModify.pm 28 Jul 2004 14:45:00 -0000 1.1.2.5
+++ flo/plugin/Admin/UserModify.pm 23 Jan 2005 23:57:42 -0000
@@ -70,6 +70,7 @@
$user_edit->save();
$self->insert_base_document ($user_edit->id());
+ $self->insert_groups ($user_edit->id());
$self->{ok} = 1;
return $self->http_get();
}
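Review bot: `insert_groups` is called unconditionally after `save()`, and it replaces every Editor_Grp row for the user with whatever the request carries in `groups`. Nothing in the visible lines checks that the person submitting the form is allowed to change group membership. If this plugin can only ever be reached by the admin user that is fine, but please confirm it, and consider guarding the call explicitly so that a later change to who can edit accounts does not also hand out group assignment.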
@@ -88,6 +89,19 @@
$base_document_t->insert (Editor_ID => $id, Document_ID => $_) for (@base_documents);
}
+# create entries in Editor_Grp for group choices
+sub insert_groups
+{
+ my ($self, $id) = @_;
+ my $cgi = flo::Standard::cgi();
+ my @groups = $cgi->param('groups');
+
+ my $editor_group_t = flo::Standard::table ('Editor_Grp');
+ $editor_group_t->delete(Editor_ID => $id);
+ $editor_group_t->insert(Editor_ID => $id, Grp_ID => $_)
+ for @groups;
+}
+
sub documents
{
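Review bot: this `insert_groups` is a line-for-line copy of the one added to UserInsert.pm, so the unvalidated use of `$cgi->param('groups')` as `Grp_ID` exists in two places and any fix has to be made twice. Suggest moving it to a shared base class or helper. On the modify path the delete-then-insert pair also means a request that arrives without a `groups` parameter removes the user from every group; if that is intended (it is how selecting no groups works), a comment saying so would help.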
@@ -102,7 +116,20 @@
return wantarray ? @res : \@res;
}
+# return list of available groups for template
+sub groups {
+ my $self = shift;
+ my $document_t = flo::Standard::table ('Grp');
+ my @res = $document_t->select (
+ cols => ['ID', 'Name' ],
+ sort => [ 'Name' ],
+ desc => 0,
+ )->fetch_all();
+ return wantarray ? @res : \@res;
+}
+
+# returns true if the document is selected, false if not
sub is_selected
{
my $self = shift;
@@ -114,5 +141,21 @@
return;
}
+# returns true if the group is selected, false if not
+sub is_group_selected {
+ my ($self, $id) = @_;
+
+ # look for a row for this editor and group in the Editor_Grp table
+ my $grp_t = flo::Standard::table ('Editor_Grp');
+ my @res = $grp_t->select (
+ cols => ['Grp_ID'],
+ where => lib::sql::Condition->new(Grp_ID => $id,
+ Editor_ID => $self->user_edit->id)
+ )->fetch_all();
+
+ return 1 if @res;
+ return;
+}
+
1;
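Review bot: `is_group_selected` runs a SELECT against Editor_Grp each time it is called, and the user_modify template calls it once per `<option>` inside `petal:repeat`, so rendering the form costs one query per group. Suggest loading the editor's Grp_IDs into a hash on first call and answering from that.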
Index: templates/admin/user_insert/en.html
===================================================================
RCS file: /var/spool/cvs/mkd/templates/admin/user_insert/Attic/en.html,v
retrieving revision 1.1.2.16
diff -u -r1.1.2.16 en.html
--- templates/admin/user_insert/en.html 28 Sep 2004 18:56:38 -0000 1.1.2.16
+++ templates/admin/user_insert/en.html 23 Jan 2005 23:57:42 -0000
@@ -292,6 +292,43 @@
<em
class="help"
>
+ Users may belong to one or more groups.
+ You can use groups to restrict access to areas
+ of your site to groups of users. This restriction affects
+ both editing and viewing. To select multiple groups or
+ select no groups you might need to use the
+ <kbd>Ctrl</kbd> key.
+ </em>
+ <label
+ for="groups"
+ >Group(s)</label>
+ <br />
+ <select
+ multiple="multiple"
+ size="5"
+ id="groups"
+ name="groups"
+ >
+ <option
+ title="Bar"
+ petal:repeat="group self/groups"
+ petal:attributes="value group/ID;
+ title group/ID;"
+ petal:content="group/Name"
+ >Happy People</option>
+ </select>
+ </p>
+
+ <p
+ lang="en"
+ xml:lang="en"
+ dir="ltr"
+ align="left"
+ petal:attributes="align align"
+ >
+ <em
+ class="help"
+ >
Accounts can be enabled, which means that they can be used, or disabled which means that
they can't be used.
</em>
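Review bot: in the `<option>`, `petal:attributes` sets `title` to `group/ID`, so the tooltip shows the numeric key rather than anything useful to the admin. The Grp table has a Description column that fits this purpose; `groups` would need to add it to `cols`.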
Index: templates/admin/user_modify/en.html
===================================================================
RCS file: /var/spool/cvs/mkd/templates/admin/user_modify/Attic/en.html,v
retrieving revision 1.1.2.16
diff -u -r1.1.2.16 en.html
--- templates/admin/user_modify/en.html 28 Sep 2004 18:56:38 -0000 1.1.2.16
+++ templates/admin/user_modify/en.html 23 Jan 2005 23:57:42 -0000
@@ -288,6 +288,44 @@
>/foo/bar/</option>
</select>
</p>
+
+ <p
+ lang="en"
+ xml:lang="en"
+ dir="ltr"
+ align="left"
+ petal:attributes="align align"
+ >
+ <em
+ class="help"
+ >
+ Users may belong to one or more groups.
+ You can use groups to restrict access to areas
+ of your site to groups of users. This restriction affects
+ both editing and viewing. To select multiple groups or
+ select no groups you might need to use the
+ <kbd>Ctrl</kbd> key.
+ </em>
+ <label
+ for="groups"
+ >Group(s)</label>
+ <br />
+ <select
+ multiple="multiple"
+ size="5"
+ id="groups"
+ name="groups"
+ >
+ <option
+ title="Bar"
+ petal:repeat="group self/groups"
+ petal:attributes="selected self/is_group_selected $group/ID;
+ value group/ID;
+ title group/ID;"
+ petal:content="group/Name"
+ >Happy People</option>
+ </select>
+ </p>
<p
lang="en"
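Review bot: this paragraph repeats the help text and `<select>` added to user_insert/en.html, differing only in the `selected` entry in `petal:attributes`. If the two templates can share a fragment, keeping one copy avoids them drifting apart. The `title` here is also set to `group/ID`, which shows the numeric key as the tooltip.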
-------------- next part --------------
A non-text attachment was scrubbed...
Name: GroupAuthz.pm
Type: application/x-perl
Size: 4230 bytes
Desc:
Url : http://lists.webarch.co.uk/pipermail/mkdoc-dev/attachments/20050123/bc34be41/GroupAuthz.bin