This chapter describes the security infrastructure from the developer point of view. For general details about security and its configuration see Chapter 15, Security Configuration.
The security management in cartoweb is separated in the following parts:
-
Management of the user/password/roles database.
(
SecurityContainer
class incommon/SecurityManager.php
). -
Management of user authentication (calling
checkUser
andsetUser
/setUserAndRoles
inSecurityManager
). - Granting access to objects based on the current roles.
Point 1. and 2. in the previous section are the responsibility of
specific plugins. For an example, see the auth
plugin.
This point is the most important for plugin developers wanting to use the CartoWeb security mechanisms to allow or deny an access to a feature/object.
The plugin can call the method hasRole($roles)
on
the current security manager.
For an example, let's take the pdf plugin which has to restrict printing some formats only to allowed users.
in the .ini file, we could have:
formats.A4.allowedRoles = printers, admin
In the plugin, we can then check the permissions with:
in the routine building the available format list: foreach($formats as $format) { ... add the format to the list ... $roles = $this->getRolesForFormat($format); //this should get it from the .ini if (!SecurityManager::getInstance()->hasRole($roles)) continue; // skips unauthorized resolution for this user .. do the work with the format ... } in the routine handling the user passed parameters: .. to the same check as above ..