[Jifty-commit] r4514 - in Jifty-Book: .
jifty-commit at lists.jifty.org
jifty-commit at lists.jifty.org
Wed Nov 21 09:55:07 EST 2007
Author: sterling
Date: Wed Nov 21 09:55:05 2007
New Revision: 4514
Added:
Jifty-Book/doc/Jifty/Book/Part-B/06-Security_and_Access_Control.pod
Modified:
Jifty-Book/ (props changed)
Log:
r14188 at dynpc145: andrew | 2007-11-21 08:54:57 -0600
Adding the outline for the Security and Access Control chapter.
Added: Jifty-Book/doc/Jifty/Book/Part-B/06-Security_and_Access_Control.pod
==============================================================================
--- (empty file)
+++ Jifty-Book/doc/Jifty/Book/Part-B/06-Security_and_Access_Control.pod Wed Nov 21 09:55:05 2007
@@ -0,0 +1,66 @@
+=head0 Security and Access Control
+
+Few Internet applications can exist without some kind of security involved. Those that do are ineveitably littered with the refuse of the web. Now that we have some models, it's time to limit who can access and manipulate the data in those models. (Fortunately, Jifty only allows "superuser" to access and manipulate your data out of the box.)
+
+Controlling access to your models is done by determining who the current user of the application is. The user may be a person sitting in front of their Internet browser or it may be some other automatic agent like a search bot from Google or special client for manipulating your application. You then use information about the current user to either deny or allow access to various operations on your models or actions.
+
+=head1 Tutorial
+
+=head1 Reference
+
+=head2 Your User Object
+
+=head3 Making a User Model
+
+=head3 Using User and Authentication Plugins
+
+=head3 Available Plugins
+
+=head4 User
+
+=head4 Authentication::Password
+
+=head4 Authentication::Ldap
+
+=head4 Authentication::Facebook
+
+=head2 Customizing CurrentUser
+
+=head3 Life Cycle
+
+=head3 Suggested Helper Methods
+
+=head2 Managing Access to Models
+
+=head3 current_user_can()
+
+=head3 Limiting Create
+
+=head3 Limiting Read
+
+=head3 Limiting Update
+
+=head3 Limiting Delete
+
+=head2 Securing Actions
+
+=head3 Using the Action API
+
+=head3 Recommnded Practices
+
+=head2 Stepping Around Security
+
+=head3 superuser()
+
+=head3 as_superuser()
+
+=head1 Testing
+
+=head2 Working Around Access Control
+
+=head2 Testing Access Control
+
+=head3 Models
+
+=head3 Actions
+
More information about the Jifty-commit
mailing list