On Wed, 2002-09-25 at 20:30, André van Toly wrote:
> I don't believe you can. Editors build in the MMBase taglib, like
> my_editors, currently only support MMBase context authorization AFAIK.
There are 2 security systems in MMBase:
1) The SCAN security, this one is used inside the SCAN-editors.
This consists of a accounts-file (accounts.properties)
And a relation type called Authrel (info can be found on MMBase
site)
2) The org.mmbase.security. This one is called when the bridge is
used(and since the taglibs use the brige, operations done by the
taglibs are also checked.)
In this org.mmbase.security it is possible to load different types of
secrurity implementations. At this moment in CVS the following versions
exist.
1) Basic Security, this one uses the accounts.properties for it's
login information, and only users that are logged in may change data
in the cloud. (i remeber that rico made some change's in this
implementation, are they still worth checkin it into CVS?)
2) Context Security, in this implementation, groups can be defined,
and rights on individal objects can be set/changed. The
configuration of the groups and users is stored inside a xml file.
3) Cloud Security. In this implementation users exist in a
builder(password md5 encoded).
Only users may change the cloud, and this is only allowed if the
user owns the node, or it is a shared node.
?) Maybe someone else has an implementation that we could put in
CVS? ;)
--
Eduard Witteveen Systeem Ontwikkelaar
Publieke Omroep, Gateway C Kamer 101
+31(0)356772910 http://www.omroep.nl/
Sed quis custodiet ipsos custodes? : The sixth Satire from Juvenal
