Role hierarchy: Difference between revisions

From Opencaching-Wiki
(Category edited)
(Undid revision 7897 by Fraggle (talk).)
Tag: Undo
 
Zeile 42: Zeile 42:
  {% endif %}</nowiki>
  {% endif %}</nowiki>


[[Kategorie:Entwicklung|Entwicklung/Role hierarchy]]
[[Kategorie:Entwicklung]]
[[Kategorie:English pages]]
[[Kategorie:English pages]]

Latest revision as of 19:31, 13 May 2024

The foundation of our security is a customizable role hierarchy. One or more roles can be assigned to a user. Each role is linked to permissions that allow viewing, editing or deleting resources such as geocaches, logs or users. If no permission is present, the action is denied by default.

Role hierarchy

https://app.conceptboard.com/board/9qra-r8bs-bpy2-cuf2-0ikx


This diagram must be read bottom to top. Every role inherits the roles above it. Example: ROLE_SOCIAL_HEAD contains ROLE_SOCIAL, ROLE_SOCIAL_TRAINEE, ROLE_TEAM and ROLE_USER. Every logged-in user has ROLE_USER.


Permissions

Permissions are linked to different roles, each of which can be seen as a permission group.
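
The inheritance and default-deny rules described above, as an added stand-alone PHP example (not Opencaching's own code). The linear chain in `ROLE_HIERARCHY` is assumed from the ROLE_SOCIAL_HEAD example, and the permission names and both function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed role => directly contained roles, modelled on the ROLE_SOCIAL_HEAD example.
const ROLE_HIERARCHY = [
    'ROLE_SOCIAL_HEAD'    => ['ROLE_SOCIAL'],
    'ROLE_SOCIAL'         => ['ROLE_SOCIAL_TRAINEE'],
    'ROLE_SOCIAL_TRAINEE' => ['ROLE_TEAM'],
    'ROLE_TEAM'           => ['ROLE_USER'],
];

// Hypothetical permission names, constructed for this example only.
const ROLE_PERMISSIONS = [
    'ROLE_USER'        => ['CAN_VIEW_CACHE'],
    'ROLE_SOCIAL'      => ['CAN_EDIT_LOG'],
    'ROLE_SOCIAL_HEAD' => ['CAN_DELETE_USER'],
];

/** Expand the assigned roles into every role reachable through the hierarchy. */
function reachableRoles(array $assigned): array
{
    $seen = [];
    $queue = $assigned;
    while ($queue !== []) {
        $role = array_pop($queue);
        if (isset($seen[$role])) {
            continue; // already expanded; also stops a misconfigured cycle
        }
        $seen[$role] = true;
        $queue = array_merge($queue, ROLE_HIERARCHY[$role] ?? []);
    }
    return array_keys($seen);
}

/** Default deny: true only if a reachable role explicitly lists the permission. */
function isAllowed(array $assigned, string $permission): bool
{
    foreach (reachableRoles($assigned) as $role) {
        if (in_array($permission, ROLE_PERMISSIONS[$role] ?? [], true)) {
            return true;
        }
    }
    return false; // no matching permission anywhere: the action is disallowed
}

var_dump(isAllowed(['ROLE_SOCIAL'], 'CAN_VIEW_CACHE'));  // permission held via inherited ROLE_USER
var_dump(isAllowed(['ROLE_SOCIAL'], 'CAN_DELETE_USER')); // permission sits on ROLE_SOCIAL_HEAD only
var_dump(isAllowed(['ROLE_SOCIAL_HEAD'], 'CAN_EXPORT')); // permission linked to no role at all
```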


Database


Code examples

Annotations, to secure complete functions or classes:

/**
 * @Security("is_granted('ROLE_SOCIAL')")
 */

PHP, to secure parts of the code:

if ($this->isGranted('ROLE_SOCIAL')) {
  // ... code that only users with ROLE_SOCIAL may run ...
}

Twig, to keep parts of a template from being displayed or executed. But pay attention: as long as the @routes are not secured (see above), they can still be called via URL!

 {% if is_granted('ROLE_SOCIAL') %}
   {{ 'You have access.' }}
 {% else %}
   {{ 'Sorry. You don\'t have access.' }}
 {% endif %}