Feature #48

Permissions, Security, Privileges

Added by colin moock 1257 days ago. Updated 472 days ago.

Status: Closed
Start: 08/26/2008
Priority: Normal
Due date:
Assigned to: -
% Done: 0%
Category: Security
Target version: Union 1.0 Beta 1

Description

Implement a system for managing permissions, security, and privileges throughout Union.

Global roles:

  • Anonymous
  • Logged In
  • Moderator/Power User
  • Admin

Room roles:

  • Room Owner
  • Room Occupant
  • Room Observer

Each action (e.g., "join a room") is assigned a level of privilege required to be used. The server rejects any action by a client with insufficient privileges.

ROLE BASED RULES

If a rule is present then an access rule exists for the action. Otherwise it is assumed to be open to ALL.

Invalid permissions give PERMISSION_DENIED.

<security>
  <remote-client-rules>
    <rule>
      <action>CREATE_ROOM</action>
      <roles>ALL</roles>
    </rule>
    <rule>
      <action>JOIN_ROOM</action>
      <roles>ALL</roles>
    </rule>
    <rule>
      <action>OBSERVE_ROOM</action>
      <roles>ALL</roles>
    </rule>
    <rule>
      <action>MODIFY_ROOM_ATTRIBUTE</action>
      <roles>ALL</roles>
    </rule>
    <rule>
      <action>SEND_MESSAGE_TO_ROOM</action>
      <roles>MODERATOR, ROOM_OCCUPANT, ROOM_OWNER</roles>
    </rule>
    <rule>
      <action>REMOVE_ROOM</action>
      <roles>ROOM_OWNER, MODERATOR</roles>
    </rule>
    <rule>
      <action>WATCH_FOR_ROOMS</action>
      <roles>ALL</roles>
    </rule>
    <rule>
      <action>MODIFY_CLIENT_ATTRIBUTE</action>
      <roles>MODERATOR, SELF</roles>
    </rule>
    <rule>
      <action>LOGIN</action>
      <roles>ALL</roles>
    </rule>
    <rule>
      <action>LOGOFF</action>
      <roles>MODERATOR, SELF</roles>
    </rule>
    <rule>
      <action>CREATE_ACCOUNT</action>
      <roles>ALL</roles>
    </rule>
    <rule>
      <action>GET_ROOMLIST_SNAPSHOT</action>
      <roles>ALL</roles>
    </rule>
    <rule>
      <action>SEND_MESSAGE_TO_CLIENT</action>
      <roles>ALL</roles>
    </rule>
    <rule>
      <action>SEND_MESSAGE_TO_SERVER</action>
      <roles>MODERATOR</roles>
    </rule>
    <rule>
      <action>REMOVE_ACCOUNT</action>
      <roles>MODERATOR, SELF</roles>
    </rule>
    <rule>
      <action>GET_ROOM_SNAPSHOT</action>
      <roles>ROOM_OCCUPANT, ROOM_OWNER, MODERATOR</roles>
    </rule>
    <rule>
      <action>SEND_ROOM_MODULE_MESSAGE</action>
      <roles>ROOM_OCCUPANT, ROOM_OWNER, MODERATOR</roles>
    </rule>
    <rule>
      <action>SEND_SERVER_MODULE_MESSAGE</action>
      <roles>ALL</roles>
    </rule>
    <rule>
      <action>GET_CLIENTLIST_SNAPSHOT</action>
      <roles>ALL</roles>
    </rule>
    <rule>
      <action>OBSERVE_CLIENT</action>
      <roles>ALL</roles>
    </rule>
  </remote-client-rules>
</security>
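
The rule semantics described above (a missing rule means open to ALL, a failed check gives PERMISSION_DENIED), as an added Python example that is not Union's own code. It assumes the server has already resolved the caller's roles, including contextual ones such as SELF and ROOM_OWNER, into a set of role names; the function names and the three-rule excerpt are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt: three of the rules from the <security> block above.
CONFIG = """
<security>
  <remote-client-rules>
    <rule><action>JOIN_ROOM</action><roles>ALL</roles></rule>
    <rule><action>REMOVE_ROOM</action><roles>ROOM_OWNER, MODERATOR</roles></rule>
    <rule><action>LOGOFF</action><roles>MODERATOR, SELF</roles></rule>
  </remote-client-rules>
</security>
"""

def load_rules(xml_text):
    """Return {action: frozenset(role names)} from a <security> document."""
    rules = {}
    for rule in ET.fromstring(xml_text).iter("rule"):
        action = (rule.findtext("action") or "").strip()
        names = (rule.findtext("roles") or "").split(",")
        roles = frozenset(n.strip() for n in names if n.strip())
        # Reject malformed rules instead of silently skipping them: a skipped
        # rule would drop its action into the implicit open-to-ALL default.
        if not action or not roles:
            raise ValueError("rule needs a non-empty <action> and <roles>")
        if action in rules:
            raise ValueError("duplicate rule for " + action)
        rules[action] = roles
    return rules

def check(rules, action, caller_roles):
    """No rule means open to ALL; otherwise the caller needs a listed role."""
    allowed = rules.get(action)
    if allowed is None or "ALL" in allowed or allowed & set(caller_roles):
        return "ALLOWED"
    return "PERMISSION_DENIED"

def unruled(rules, known_actions):
    """Actions that are open only because no rule was written for them."""
    return sorted(set(known_actions) - set(rules))
```

Running `unruled` against the server's full action list shows which actions every client can use only because of the implicit default, which is the review a default-open policy needs whenever a new action is added.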

Related issues

related to Todo #106 Allow privileged clients to send messages to any room Closed 02/10/2009

History

03/22/2009 04:14 PM - colin moock

  • Target version set to Union 1.0 Beta 2

05/19/2009 04:51 PM - colin moock

  • Subject changed from permissions, security, privileges to Permissions, Security, Privileges

08/06/2010 01:11 AM - colin moock

  • Target version changed from Union 1.0 Beta 2 to Union 1.0 Beta 1

10/14/2010 01:58 PM - derek clayton

  • Status changed from New to Closed
