first stage of transitioning to the new SecurityMonitor-based security

architecture--it's implemented at the global level and for communities, conferences still use the old hard-coded implementation. The new StaticSecurityMonitor is configured via XML data, which will be important when we implement the new Community Services architecture
2001-11-18 09:32:21 +00:00
parent 47b88efd75
commit 5f966a6450
36 changed files with 2024 additions and 572 deletions
--- a/etc/venice-config.xml
+++ b/etc/venice-config.xml
@@ -54,6 +54,137 @@
    <wait-if-busy/>
  </database>

+  <!-- This section is used to configure the default security contexts, and should probably
+       not be tampered with. -->
+  <security>
+    <security-definition id="Global">
+      <defined-roles>
+	<role id="Anonymous" value="L+100">Anonymous User</role>
+	<role id="Unverified" value="L+500">Unauthenticated User</role>
+	<role id="Normal" value="L+1000">Normal User</role>
+	<role id="AnyAdmin" value="HMIN">Any System Administrator</role>
+	<role id="PFY" value="H+1000">System Assistant Administrator</role>
+	<role id="BOFH" value="HMAX">Global System Administrator</role>
+      </defined-roles>
+      <defined-lists>
+	<list id="UserLevels">
+	  <element role="Global.Anonymous"/>
+	  <element role="Global.Unverified"/>
+	  <element role="Global.Normal"/>
+	  <element role="UnrestrictedUser"/>
+	</list>
+	<list id="UserLevelsPFY">
+	  <element role="Global.Anonymous"/>
+	  <element role="Global.Unverified"/>
+	  <element role="Global.Normal"/>
+	  <element role="UnrestrictedUser"/>
+	  <element role="Global.PFY"/>
+	</list>
+	<list id="CreateCommunity">
+	  <permission/>
+	  <element role="Global.Normal" default="true"/>
+	  <element role="UnrestrictedUser"/>
+	  <element role="Global.AnyAdmin"/>
+	  <element role="Global.PFY"/>
+	  <element role="Global.BOFH"/>
+	</list>
+      </defined-lists>
+      <defaults>
+	<default id="NewUser" role="Global.Unverified"/>
+	<default id="AfterVerify" role="Global.Normal"/>
+	<default id="AfterEmailChange" role="Global.Unverified"/>
+      </defaults>
+      <permissions>
+	<permission id="ShowHiddenCategories" role="Global.AnyAdmin"/>
+	<permission id="NoEmailVerify" role="Global.AnyAdmin"/>
+	<permission id="SeeHiddenContactInfo" role="Global.AnyAdmin"/>
+	<permission id="SearchHiddenCommunities" role="Global.AnyAdmin"/>
+	<permission id="ShowHiddenCommunities" role="Global.AnyAdmin"/>
+	<permission id="SearchHiddenCategories" role="Global.AnyAdmin"/>
+	<permission id="SysAdminAccess" role="Global.AnyAdmin"/>
+	<permission id="PublishFP" role="Global.AnyAdmin"/>
+	<permission id="DesignatePFY" role="Global.BOFH"/>
+      </permissions>
+    </security-definition>
+    <security-definition id="Community" parent="Global">
+      <defined-roles>
+	<role id="Member" value="L+500">Community Member</role>
+	<role id="AnyAdmin" value="HMIN">Any Community Administrator</role>
+	<role id="Cohost" value="H+1000">Community Co-Host</role>
+	<role id="Host" value="H+1500">Community Host</role>
+      </defined-roles>
+      <defined-lists>
+	<list id="Read">
+	  <permission/>
+	  <element role="Global.Anonymous"/>
+	  <element role="Global.Unverified"/>
+	  <element role="Global.Normal"/>
+	  <element role="Community.Member" default="true"/>
+	  <element role="UnrestrictedUser"/>
+	  <element role="Community.AnyAdmin"/>
+	  <element role="Community.Cohost"/>
+	  <element role="Community.Host"/>
+	  <element role="Global.AnyAdmin"/>
+	</list>
+	<list id="Write">
+	  <permission/>
+	  <element role="Community.AnyAdmin"/>
+	  <element role="Community.Cohost" default="true"/>
+	  <element role="Community.Host"/>
+	  <element role="Global.AnyAdmin"/>
+	  <element role="Global.PFY"/>
+	  <element role="Global.BOFH"/>
+	</list>
+	<list id="Create">
+	  <permission/>
+	  <element role="Global.Normal"/>
+	  <element role="Community.Member"/>
+	  <element role="UnrestrictedUser"/>
+	  <element role="Community.AnyAdmin"/>
+	  <element role="Community.Cohost" default="true"/>
+	  <element role="Community.Host"/>
+	  <element role="Global.AnyAdmin"/>
+	</list>
+	<list id="Delete">
+	  <permission/>
+	  <element role="Community.AnyAdmin"/>
+	  <element role="Community.Cohost"/>
+	  <element role="Community.Host" default="true"/>
+	  <element role="Global.AnyAdmin"/>
+	  <element role="Global.PFY"/>
+	  <element role="Global.BOFH"/>
+	  <element role="NoAccess"/>
+	</list>
+	<list id="Join">
+	  <permission/>
+	  <element role="Global.Anonymous"/>
+	  <element role="Global.Unverified"/>
+	  <element role="Global.Normal" default="true"/>
+	</list>
+	<list id="UserLevels">
+	  <element role="NotInList"/>
+	  <element role="Global.Anonymous"/>
+	  <element role="Global.Unverified"/>
+	  <element role="Global.Normal"/>
+	  <element role="Community.Member"/>
+	  <element role="UnrestrictedUser"/>
+	  <element role="Community.Cohost"/>
+	</list>
+      </defined-lists>
+      <defaults>
+	<default id="NewUser" role="Community.Member"/>
+	<default id="Creator" role="Community.Host"/>
+      </defaults>
+      <permissions>
+	<permission id="ShowAdmin" role="Community.AnyAdmin"/>
+	<permission id="NoJoinRequired" role="Global.AnyAdmin"/>
+	<permission id="NoKeyRequired" role="Global.AnyAdmin"/>
+	<permission id="ShowHiddenMembers" role="Community.AnyAdmin"/>
+	<permission id="ShowHiddenObjects" role="Community.AnyAdmin"/>
+      </permissions>
+    </security-definition>
+  </security>
+
  <!-- This section is used to configure electronic mail services. -->
  <email>
    <!-- The SMTP server to use when sending messages out.  This server must be