Tiered Access Hook Privilege System



Jonathan
08-07-2007, 01:53 PM
TAHPS - A Privilege System I designed.


I'm developing content management software for my school district's website. Obviously, I cannot tell you exactly how the site works, because that would introduce an unstable security element.

But this is a concept that I developed and does not directly give any vital nondisclosable information about the operations of the website.

This is how TAHPS works and somewhat how it's integrated:
You see, the district website consists of 9 elementary schools, 2 middle schools, 1 hs, and then various departments (music, athletics, et cetera).

I can give someone access to the CMS to post something on the behalf of that group (user group). With TAHPS, I can give a user access to certain features specific to a usergroup. I can also give them access to other usergroups (let's say they are affiliated with two schools. With the current (obsolete) system, you can only give a person to one access group, and you can't give them specific privileges... basically you give them access to every feature that access group has) and set specific abilities for that person.

Now this helps with website developing. Because let's say that I want to add a new feature to the CMS? What the hell am I going to do? Add an access hook. Assign that access hook to the appropriate user group. Then when you edit a user, you'll see that access hook under that usergroup you just added it to. Access hooks can be assigned to as many user groups as they need. You just add it to the permissions of the usergroup.

An access hook won't be viewable in the user permission editor unless it's in the permissions of the group. This is because some schools might not have the specific permission available. For example, the high school does not have a Grade Editor (which is the module where you set faculty pictures and stuff for the elementary schools) but the elementary school does. So you add the permission to the elementary schools, but not to the high school... and it won't be selectable when editing accounts under the high school user group ;)

The navigation system checks for the user's 'Currently Viewed Group' and their permissions. It then loads the navigation links based on what permissions the user has for the current group they are editing.


Permission checking is easy.
I have a function (I won't show the code though)
HasAccess(ParentID, ChildID)

If that function returns false, it gives a permission denied message, else it loads.

Every module has a "General Page", basically a page that anyone can access that has access to at least one child. This is called the index page; since this is childless, you'd do a permission check with this function
HasAccess(ParentID);

So to put it into perspective, if I wanted to check to see if the currently logged in user can load the general user management page
HasAccess(6);

Now, do they have access to the user edit section under user management?
HasAccess(6,26);


Here's a screenie:
http://forums.universium.net/attachment.php?attachmentid=12&stc=1&d=1186505107
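
A sketch of the scheme described in the post above, added here as an illustration; it is not the poster's code, which was not shown. It assumes the user and current group are passed explicitly, and that a per-user grant only counts while the hook is still assigned to that group. IDs 6 and 26 come from the post; all other IDs, group names and user names are constructed.

```python
# Added illustration of the scheme in the post; not the author's code.
# IDs 6 (user management) and 26 (user edit) are from the post; every other
# ID, group name and user name below is constructed sample data.
USER_MGMT, USER_EDIT = 6, 26
GRADE_EDITOR, GRADE_EDIT = 9, 31  # constructed IDs

# Access hooks (parent_id, child_id) assigned to each user group.
GROUP_HOOKS = {
    "elementary-1": {(USER_MGMT, USER_EDIT), (GRADE_EDITOR, GRADE_EDIT)},
    "high-school": {(USER_MGMT, USER_EDIT)},
}

# Per-user grants, scoped to one group: (user, group) -> set of hooks.
USER_GRANTS = {
    ("alice", "elementary-1"): {(GRADE_EDITOR, GRADE_EDIT)},
    # The Grade Editor grant below is stale: the high school has no such hook.
    ("alice", "high-school"): {(USER_MGMT, USER_EDIT), (GRADE_EDITOR, GRADE_EDIT)},
}


def effective_hooks(user, group):
    """Hooks the user holds in this group that the group still offers."""
    granted = USER_GRANTS.get((user, group), set())
    return granted & GROUP_HOOKS.get(group, set())


def has_access(user, group, parent_id, child_id=None):
    """Deny by default. Without child_id, any child of the parent suffices,
    which matches the childless index-page check in the post."""
    hooks = effective_hooks(user, group)
    if child_id is None:
        return any(parent == parent_id for parent, _ in hooks)
    return (parent_id, child_id) in hooks


def selectable_hooks(group):
    """Hooks the permission editor may offer when editing a user in a group."""
    return sorted(GROUP_HOOKS.get(group, set()))


def navigation(user, group):
    """Parent modules to link for the user's currently viewed group."""
    return sorted({parent for parent, _ in effective_hooks(user, group)})
```

Intersecting grants with the group's hooks at check time means removing a hook from a group revokes it for every user in that group without touching individual accounts.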