- Timestamp:
- Apr 2, 2012 5:42:09 AM (12 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/bin/acl.cli.php
r396 r398 230 230 This script must be run in the common site directory (i.e. the parent 231 231 directory of the document root). DB credentials are retrieved from: 232 global/db_auth.inc.php so this file must exist. Further 232 global/db_auth.inc.php so this file must exist. Furthermore this script 233 233 must be executed as the owner of the db_auth.inc.php file. 234 234 … … 236 236 Request Objects, ACO - Access Control Objects, and AXO - Access Xtra 237 237 Objects. These are most often used as a USER -> ACTION -> OBJECT model, 238 but c an just as easily be SPICES -> CUISINES -> DISHESA privilege is238 but could just as easily be SPICES -> CUISINES -> DISHES. A privilege is 239 239 allowed if a user (ARO) can perform an action (ACO) on something (AXO). 240 For example, Bob can edit article 4. If the AXO if omitted, this becomes 241 "Bob can edit" (period). 242 243 Each access object is stored as a node in hierarchical tree structures. A 244 permission granted to a node is applied to all its children. If a child 245 node is specified a different permission that is more specific that 240 For example, with an `ARO->ACO->AXO` of `Bob->edit->4`, Bob can edit article 4. 241 If the AXO were omitted (i.e. just `Bob->edit`), this becomes "Bob can edit" 242 (he can edit any object). 243 244 Each access object is stored as a node in hierarchical tree structures. 245 A permission granted to a node is applied to all its children. If a child 246 node is specified a different permission that is more specific than 246 247 anything on the branch it will take precedence. If no permission is 247 248 specified, root is used for that object. Root, in this case, means
Note: See TracChangeset
for help on using the changeset viewer.