My favorites | Sign in
Project Home Wiki Issues Source
READ-ONLY: This project has been archived. For more information see this post.
Search
for
Perm  
Requirements for the Perm core module.
Phase-Requirements
Updated Mar 20, 2011 by jesdisci...@gmail.com

Introduction

This page enumerates the requirements for the Perm core module.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Details

This module MUST NOT assume the presence of any others except the following:

It MUST define an API for managing permissions and permission-sets as they relate to agents, per the following normative definitions:

agent
A (pseudo-)entity represented by an entry within the "agents" database table (below), or the entry itself. Every module is an agent, as is each instance of a module. For example, each user account is an agent - an instance of the User module.
delegator
The agent delegating permissions to another.
delegate
The agent receiving permissions from another.
author
The agent which defined a permission-set.
value bit
In a permission-set, the binary digit which determines whether a certain permission has been granted.
permission
The permission's value bit, or the position/magnitude thereof; or
An entry within the "permissions" database table (below).
permission-set
A bitmask consisting of exactly 32 bits; or
An entry within the "permission_sets" database table (below).
delegated permission-set
A bitmask of permissions assigned to a delegate by a delegator.
computed permission-set
The result of a collective bitwise OR of all delegated permission-sets defined by a given author which were assigned to a given delegate. This is the value to be used for determining how to modify the API, per the author's definitions, to configure the delegate's sandbox.

The following database tables MUST be created:

CREATE TABLE `Stratos`.`agents` (
  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY,
  `module` INT UNSIGNED NOT NULL,
  `arguments` TEXT NOT NULL,
  `permissions` INT UNSIGNED NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE `Stratos`.`permissions` (
  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY,
  `set` INT UNSIGNED NOT NULL,
  `name` varchar(32) COLLATE utf8_unicode_ci NOT NULL,
  `index` INT UNSIGNED NOT NULL,
  `callback` varchar(32) COLLATE utf8_unicode_ci NOT NULL,
  `description` varchar(32) COLLATE utf8_unicode_ci NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE `Stratos`.`permission_sets` (
  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY,
  `author` INT UNSIGNED NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE `Stratos`.`delegations` (
  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY,
  `set` INT UNSIGNED NOT NULL,
  `delegator` INT UNSIGNED NOT NULL,
  `delegate` INT UNSIGNED NOT NULL,
  `permissions` INT UNSIGNED NOT NULL,
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

Supported operations MUST include:

  • declaring Boolean permissions;
  • checking their values;
  • checking whether a permission may be delegated;
  • delegating a permission;
  • retrieving the entire bitmask; and
  • setting the entire bitmask.

The implementation is left to decide how to restrict the read-only permissions on the above operations. Write permissions are governed by the DELEG and _DELEG_ permissions below.

Each registered permission SHOULD be offered in the form of a constant 32-bit bitmask equal to the value bit.

Each granted permission MUST be stored as a simple bit within an unsigned 32-bit INT database column, and in a row where a reference to the corresponding database object is the value of an unsigned, unique or primary key, INT column.

The implementation SHALL define two standard permissions:

  • DELEG: permission to delegate other permissions assigned by the same delegator; value bit 1<<30;
  • _DELEG_: permission to delegate the DELEG and _DELEG_ permissions, and to delegate permissions (subject to the DELEG permission) originating from the same author but not necessarily assigned by the same immediate delegator; value bit 1<<31.

Per these two definitions, the implementation MUST throw a runtime exception if any of the following occurs:

  • An agent attempts to delegate any permission while lacking both DELEG and _DELEG_.
  • An agent attempts to delegate any permission which it was not assigned.
  • An agent receives _DELEG_ but not DELEG and attempts to delegate any permission other than _DELEG_.
  • An agent receives DELEG but not _DELEG_ and attempts to delegate DELEG.
  • Agent A delegates some permissions, including neither DELEG nor _DELEG_, to agent C; agent B delegates DELEG but not _DELEG_ to C; and C attempts to delegate one of the permissions from agent A.

If an agent's permissions are modified such that it would no longer be allowed to delegate a given permission, that permission must be removed from all relevant permission-sets assigned by the agent.

The instructions for modifying the API in response to a permission MUST NOT be allowed to wrap any delegated permission within one defined by the delegate, effectively delegating a permission without using DELEG.

Powered by Google Project Hosting