Permissions
In Exponential, restrictions on what a user can do are handled by roles.
Role
Roles consist of a policy set, where each policy gives the user access to
a resource. Resources may be accessed in context, e.g. you can read content in
section 42.
Roles are set up for the different roles users have on a site. E.g. you could
have visitor, journalist, editor and administrator. The different roles would
grant access to different resources.
Roles can be combined for simpler administration. E.g. you can have one role which
gives access to reading content and another role
A role can be assigned to any user or user group (combinations may be used).
Policy
A policy defines a certain resource. It does so using the
following elements:
- Module
- Function
- Parameter(s)
Example policies
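| Module  | Function | Parameters              | Comment                                                                         |
|---------|----------|-------------------------|---------------------------------------------------------------------------------|
| Content | Edit     | SectionID=42, Owner=self | Access to edit all content in section 42 where the user is owner of the content. |
| Content | Read     | *                       | Access to read all content                                                      |
| *       | -        | -                       | Access to do everything                                                         |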
Permission check
The first thing that needs to be done is to identify the user.
When you have a user id you will know which roles this user
has. From these roles you will get the permission list.
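
The check described above, as an added sketch that is not Exponential's own code: it resolves a user id to roles, builds the permission list, and matches a request against the three example policies. The names `Policy`, `permission_list`, `param_matches` and `has_access`, the user ids and the role assignments are assumptions made for illustration.

```python
from dataclasses import dataclass

WILDCARD = "*"

@dataclass(frozen=True)
class Policy:
    module: str
    function: str = WILDCARD
    params: tuple = ()  # e.g. (("SectionID", "42"), ("Owner", "self")); empty means "*"

# Constructed sample data: roles are policy sets, users are assigned roles.
ROLES = {
    "visitor": [Policy("Content", "Read")],
    "journalist": [Policy("Content", "Edit", (("SectionID", "42"), ("Owner", "self")))],
    "administrator": [Policy(WILDCARD)],
}
USER_ROLES = {10: ["visitor"], 14: ["visitor", "journalist"], 1: ["administrator"]}

def permission_list(user_id):
    """Combine the policies of every role the user has; unknown users get none."""
    return [p for role in USER_ROLES.get(user_id, []) for p in ROLES[role]]

def param_matches(name, value, user_id, obj):
    """Evaluate one policy parameter against the object being accessed."""
    if name == "SectionID":
        return str(obj.get("section_id")) == value
    if name == "Owner" and value == "self":
        return obj.get("owner_id") == user_id
    return False  # unrecognised parameter: fail closed

def has_access(user_id, module, function, obj):
    """True if any policy in the user's permission list covers the request."""
    for p in permission_list(user_id):
        if p.module not in (WILDCARD, module):
            continue
        if p.function not in (WILDCARD, function):
            continue
        if all(param_matches(n, v, user_id, obj) for n, v in p.params):
            return True
    return False  # no matching policy: deny
```

Access is granted only when some policy matches on module, function and every parameter; a user with no roles, or a policy carrying a parameter the checker does not understand, results in a denial.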