Wiki source for SecurityDiscussedFurther


Show raw source

===File/Script/Page Security===

As explained [[http://www.weberp.org/weberp/doc/Manual/ManualContents.php?ViewTopic=SecuritySchema elsewhere in the manual]] security "tokens" are used to control the access to each file (also called script or page) within webERP. These "tokens" can be seen in Setup > Role Permissions then editing one of the roles. See the [[FilesScriptsPagesAndTokensList list of tokens with their number and explanation]]. Each token is either part of the role you selected to edit or it is not but is available to be part of that role if you choose it to be.

The way it works is that each file/script/page has the $PageSecurity variable set at the top of it. This variable will be set to a token number. Each user has exactly one role. If that exact token number is in the role of the current user then that user will be able to access the file.

The only way to add tokens is to access the underlying database and add them directly in the securitytokens table. If the security of an individual file needs to be changed without the possibility of changing the security of any other file that may use the same token then a new token should be created and that one file’s $PageSecurity set to that new token. As well, whichever role(s) need access to that file must have that new token added to them. If a role does not have the new token and the file is set to the new token then that role will no longer be able to access that file until it does have that new token.

If customizing security by creating new tokens it is suggested to use token numbers from 80 to 99. In that way if other tokens are needed in the base webERP, they will not interfere.

There is also a list of files/scripts/pages and the corresponding tokens they use in the develoment section of this wiki.

Tim had a nice idea to improve the flexibility of this system is to create an include of the $PageSecurity variables for each page - in every script

%%(php)<?php
include ("includes/PageSecurityDefinitions.php");
$PageSecurity = CUSTOMER_MAINTENANCE;
...
%%

then under includes/PageSecurityDefinitions.php

%%(php)<?php
DEFINE CUSTOMER_MAINTENANCE 5
DEFINE CUSTOMER_INQUIRIES 3
DEFINE ORDER_ENTRY 1
....
%%

This script would then provide one place that permissions and roles could be more tightly defined using the existing system


Valid XHTML :: Valid CSS: :: Powered by WikkaWikiGet webERP Accounting & Business Management at SourceForge.net. Fast, secure and Free Open Source software downloads