Perm
Requirements for the Perm core module.
Phase-Requirements

Introduction

This page enumerates the requirements for the Perm core module. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Details

This module MUST NOT assume the presence of any others except the following:

It MUST define an API for managing permissions and permission-sets as they relate to agents, per the following normative definitions:
The following database tables MUST be created:

    CREATE TABLE `Stratos`.`agents` (
      `id` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
      `module` INT UNSIGNED NOT NULL,
      `arguments` TEXT NOT NULL,
      `permissions` INT UNSIGNED NOT NULL  -- granted permissions, one bit each
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

    CREATE TABLE `Stratos`.`permissions` (
      `id` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
      `set` INT UNSIGNED NOT NULL,
      `name` varchar(32) COLLATE utf8_unicode_ci NOT NULL,
      `index` INT UNSIGNED NOT NULL,
      `callback` varchar(32) COLLATE utf8_unicode_ci NOT NULL,
      `description` varchar(32) COLLATE utf8_unicode_ci NOT NULL
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

    CREATE TABLE `Stratos`.`permission_sets` (
      `id` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
      `author` INT UNSIGNED NOT NULL
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

    CREATE TABLE `Stratos`.`delegations` (
      `id` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
      `set` INT UNSIGNED NOT NULL,
      `delegator` INT UNSIGNED NOT NULL,
      `delegate` INT UNSIGNED NOT NULL,
      `permissions` INT UNSIGNED NOT NULL  -- delegated permissions, one bit each
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

Supported operations MUST include:
The implementation is left to decide how to restrict the read-only permissions on the above operations. Write permissions are governed by the DELEG and _DELEG_ permissions below.

Each registered permission SHOULD be offered in the form of a constant 32-bit bitmask equal to the value bit. Each granted permission MUST be stored as a simple bit within an unsigned 32-bit INT database column, and in a row where a reference to the corresponding database object is the value of an unsigned, unique or primary key, INT column.

The implementation SHALL define two standard permissions:
Per these two definitions, the implementation MUST throw a runtime exception if any of the following occurs:
If an agent's permissions are modified such that it would no longer be allowed to delegate a given permission, that permission must be removed from all relevant permission-sets assigned by the agent.

The instructions for modifying the API in response to a permission MUST NOT be allowed to wrap any delegated permission within one defined by the delegate, effectively delegating a permission without using DELEG.
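
The rule that a permission an agent can no longer delegate must be removed from what it assigned, sketched as an added example (not code from the Perm module). It goes beyond the single-level case by following chains and cycles of delegations. Assumptions: an agent may delegate a bit only while it holds that bit directly or through a still-valid delegation, and the tables are reduced SQLite copies of `agents` and `delegations` filled with constructed data.

```python
import sqlite3

# Constructed, reduced copies of the page's `agents` and `delegations` tables
# (SQLite instead of MySQL; only the columns this example needs).
SCHEMA = """CREATE TABLE agents (id INTEGER PRIMARY KEY, permissions INTEGER);
CREATE TABLE delegations (id INTEGER PRIMARY KEY, delegator INTEGER,
                          delegate INTEGER, permissions INTEGER);"""

def mask(index):
    """Bitmask for a permission `index`; it must fit an unsigned 32-bit column."""
    if not 0 <= index < 32:
        raise ValueError("permission index must be in 0..31")
    return 1 << index

def revoke(db, agent_id, index):
    """Clear one bit from an agent and from delegations nobody can back any more.
    Assumed rule (not from the page): an agent may delegate a bit only while it
    holds that bit directly or through a still-valid delegation."""
    bit = mask(index)
    with db:  # one transaction: the grant and its delegations change together
        db.execute("UPDATE agents SET permissions = permissions & ~? WHERE id = ?",
                   (bit, agent_id))
        # Start from direct holders, then add every agent reachable from them over
        # delegations carrying the bit; a cycle with no direct holder is not reached.
        holders = {r[0] for r in db.execute(
            "SELECT id FROM agents WHERE (permissions & ?) != 0", (bit,))}
        edges = db.execute("SELECT id, delegator, delegate FROM delegations "
                           "WHERE (permissions & ?) != 0", (bit,)).fetchall()
        while True:
            new = {dst for _, src, dst in edges if src in holders} - holders
            if not new:
                break
            holders |= new
        stale = [(bit, row_id) for row_id, src, _ in edges if src not in holders]
        db.executemany("UPDATE delegations SET permissions = permissions & ~? "
                       "WHERE id = ?", stale)
    return len(stale)

def demo():
    # Constructed data: agent 1 holds bits 3 and 0; bit 3 flows 1->2->3->2.
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO agents VALUES (?, ?)",
                   [(1, mask(3) | mask(0)), (2, mask(0))])
    db.executemany("INSERT INTO delegations VALUES (?, ?, ?, ?)",
                   [(1, 1, 2, mask(3)), (2, 2, 3, mask(3) | mask(0)),
                    (3, 3, 2, mask(3)), (4, 2, 4, mask(0))])
    return revoke(db, 1, 3), db.execute(
        "SELECT permissions FROM delegations ORDER BY id").fetchall()
```

Only the revoked bit is cleared from each affected row; other bits in the same `permissions` column, such as bit 0 in the constructed data, are left in place.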