Portal HOWTO: Rights management

This is a short description of the rights and roles system. You can edit the rights and roles under the Global Administration box.

One role can contain a unlimited number of rights. Currently one user can be assigned with one role. So the interesting parts are the rights. There is a set of rules to create new rights:

1. Protect pages:

If there is a right with the page prefix plus page name, e.g. page.BlogPath, the user must have the right to visit the page. The page name is the simple class name of the wicket page class. If the user does not have the right for the page, he will redirected to the login. If there is no right for the page, the page is unprotected.

2. Protect components / parts of pages

It is possible to protect parts of pages. If there is a right general prefix plus the component name, e.g. general.GlobalAdminBoxPanel, the user must have the right  to see the component. The described right belongs to the Global Administration box. If the user does not have the right for this component, he does not see the component. If there is no right for a component, the component is unprotected. The component name is the simple class name of the wicket component class.

3. Content protection

The logic for the content protection is implemented in the appropriate module. I will explain it with the download module. By convention the content protection rights start with the module name, followed by a dot:

download.view.registered

The next part "view" is a implemented section part, e.g. for download there are three subparts: view, download and vote. View means the user can see the download. Download means he is able to download it. Vote means he is allowed to vote. The third part of the right is defined by the administrator, so he can define a unlimited set of new rights, e.g. :

download.view.preview

This could be an example for a new right to the role revision which could review new downloads. The new right is listed in the right matrix of the download formular:

Conclusion

You have the possibility to protect everything you want. This includes pages, components and content. It is a quite powerful right system, but consider that deleting important rights can easily cause security leaks.