MVHub

replace hand-rolled authentication/authorization code with CGI::Application::Plugin::Auth*

Bug #396367 reported by Dan MacNeil
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MVHub
Confirmed
Low
Unassigned

Bug Description

The authentification / authorization is a mess.

 Should re-write to use:

CGI::Application::Plugin::Authentification
CGI::Application::Plugin::Authorization

...support row level authorization for agencies

We need one username/password system (not 3)

rough notes:

      use CGI::Application::Plugin::Authentification
        use CGI::Application::Plugin::Authorization
        use CGI::Application::Plugin::Session

        check authorization in
        MVHub::CGIAppBase::cgiapp_prerun
                restrict access to agency/program records by
                        agency

                restrict access to run modes by group
                        data_entry run modes
                        admin run modes
                        reports

        table users/contacts
                contact_id Name email password phone

        agency_contacts
                agency_id contact_id

        program_contacts
                program_id contact_id
     agency,program table change:
                add contact_id

        table groups
                name group_id

        table user_groups
                email group

        user_agencies
                email agency_id

See original description
Revision history for this message
Swetha (cswetha25) wrote :

What is row level authorization?
how can the admin login and agency login be the same/use the same user name and password?

Changed in mvhub:
status: New → Incomplete
Revision history for this message
Dan MacNeil (omacneil) wrote :

The admin / agency user won't be the same but they will be handled the same way.

Row level authorization allows you to say users can access only a sub set of records (rows) in a table

Answers to other questions are found in man pages for:

CGI::Application::Plugin::Authentification
CGI::Application::Plugin::Authorization

Changed in mvhub:
status: Incomplete → Confirmed
importance: Undecided → Low
Dan MacNeil (omacneil)
summary: - affects use CGI::Application::Plugin::Auth*
+ replace hand-rolled authentication/authorization code with
+ CGI::Application::Plugin::Auth*
Dan MacNeil (omacneil)
description: updated
tags: added: 40-plus-hours gsoc
Dan MacNeil (omacneil)
tags: added: time-40+hrs
removed: 40-plus-hours
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.