...

  • For API requests, beforeFilter will perform authentication of the API user. If successful, authorization is processed.
  • For UI requests:
    • Requests for PagesController are granted.
    • If there is no current authenticated user in the session:
      • Control is passed to /auth/login/login.php, which is where web server authentication is triggered.
      • Once the web server completes authentication, login.php returns control to the TrafficController process-login action.
      • TrafficController records the login event. TrafficController is intended to eventually be the location for authentication plugins (CO-1983). Control is then returned to the page originally requested.
    • Once there is an authenticated user, authorization is processed.

API Users are bound to specific COs. For UI logins, the authenticated identifier is mapped to Identifiers flagged for login attached to Person records. A given identifier may be valid in more than one CO.

Authorization is performed in RegistryAuthComponent based on the rules established within each table. Each table sets an array of permissions using PermissionsTrait::setPermissions, either directly as an array or as a closure that returns an array. The array has two required keys, entity and table, and one optional key, related.
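The following sketch is an added example, not Registry code: it models a permission definition supplied either as an array or as a closure, checks the keys named above, and denies any action that is not listed. The function names, the role names, and the inner layout (action name mapped to a list of allowed roles) are assumptions, since the inner layout is not shown here.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the structure described above; NOT Registry code.
// Assumption: 'entity' and 'table' each map an action name to the list of
// roles allowed to perform it.

function resolvePermissions(array|Closure $definition): array
{
    // The definition may be given directly or as a closure returning an array.
    $perms = $definition instanceof Closure ? $definition() : $definition;
    if (!is_array($perms)) {
        throw new InvalidArgumentException('permission closure must return an array');
    }
    // 'entity' and 'table' are required.
    foreach (['entity', 'table'] as $required) {
        if (!isset($perms[$required]) || !is_array($perms[$required])) {
            throw new InvalidArgumentException("missing required key: $required");
        }
    }
    // 'related' is optional, but must be an array when present.
    if (isset($perms['related']) && !is_array($perms['related'])) {
        throw new InvalidArgumentException("'related' must be an array");
    }
    return $perms;
}

function isAllowed(array $perms, string $scope, string $action, array $userRoles): bool
{
    // Fail closed: an unknown scope or an unlisted action yields no allowed roles.
    $allowed = $perms[$scope][$action] ?? [];
    return count(array_intersect($allowed, $userRoles)) > 0;
}

// Constructed sample definition, supplied as a closure.
$perms = resolvePermissions(fn () => [
    'entity' => ['view' => ['admin', 'member'], 'delete' => ['admin']],
    'table'  => ['index' => ['admin', 'member'], 'add' => ['admin']],
]);

var_dump(isAllowed($perms, 'entity', 'view', ['member']));
var_dump(isAllowed($perms, 'entity', 'delete', ['member']));
var_dump(isAllowed($perms, 'table', 'export', ['admin']));
```

Validating the definition when it is loaded, rather than at request time, means a table with a malformed permission array fails immediately instead of silently granting or denying access.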

...

See Also