Privilege System Development in ClayCMS

Posted by david on 25 June 2012 at 4:56 am

The ClayDB 2 upgrade began because I was trying to finish the Privilege system in ClayCMS. I decided to implement an SQLite adapter for ClayDB, while working on the Privileges database schema, and realized the shortfalls of ClayDB. Here's what I've come up with for the Privilege system (which I'm still working on):

  • Uniquely scoped privileges
    • Each privilege in the system is required to be unique, but can be assigned multiple times across its scope to multiple Roles
  • Each application has complete control over its privileges
    • Using Privilege libraries within each application, the application determines what a privilege means and what it allows
    • Applications choose their own naming system and are not tied to a set tree of privilege types
    • Explicit and user-created privileges are allowed, as long as an application provides support for determining scope for them
  • An optional base set of privileges will be provided for applications to use
    • This set of privileges will be part of the Apps application and can be extended/scoped by any application
      • Intended to be used for developmental purposes, as it will involve more processing, but can be used regardless
  • Role triggers will be provided that allow Roles for Owner, Shared, Public, and Private
  • An experimental Entities feature will be included later on that will be a mix between Roles and Users
    • Entities are for applications requiring users to be split up into organizational groups, rather than roles within a single group

