Roles
Posted in Technical by JarrettV on 3/17/2009 11:47:00 PM - CSTAtomSite has five roles. Administrators, authors, contributors, and users are authenticated. The fifth role is anonymous. Each role has a set of actions that can be performed depending on their function.
The below table describes the default role matrix supplied out of the box. This matrix can be customized at three different levels: service, workspace, collection.
| Function | Action | Admin | Author | Contrib | User | Anon |
|---|---|---|---|---|---|---|
| AtomPub | Get Service Doc |
|
|
|
||
| Update Service Doc |
|
|
||||
| Get Collection Feed |
|
|
|
|||
| Create Entry/Media |
|
|
||||
| Get Entry/Media |
|
|
|
|||
| Update Entry/Media |
|
|
|
|||
| Delete Entry/Media |
|
|
||||
| Peek Entry/Media |
|
|
|
|
|
|
| AtomSite | Get Feed |
|
|
|
|
|
| Get Annotations |
|
|
|
|
|
|
| Annotate |
|
|
|
|
|
|
| Approve Entry/Media |
|
|
||||
| Approve Annotation |
|
|
|
|||
| Rate Entry/Media |
|
|
|
|
|
The green check means full access across all workspaces and collections. The yellow check denotes restricted access to just authorized workspace/collection.
The <app:service>, <app:workspace>, and <app:collection> elements in the service document allow a <svc:roleMatrix> extension element. The following code shows an example of the above default roleMatrix element:
<svc:roleMatrix xmlns:svc='http://atomsite.net/info/Service'> <!-- AtomPub Actions--> <svc:roleAction name='GetServiceDoc' admin='True' author='True' contrib='True' user='False' anon='False'/> <svc:roleAction name='UpdateServiceDoc' admin='True' author='True' contrib='False' user='False' anon='False'/> <svc:roleAction name='GetCollectionFeed' admin='True' author='True' contrib='True' user='False' anon='False'/> <svc:roleAction name='CreateEntryOrMedia' admin='True' author='True' contrib='False' user='False' anon='False'/> <svc:roleAction name='GetEntryOrMedia' admin='True' author='True' contrib='True' user='False' anon='False'/> <svc:roleAction name='UpdateEntryOrMedia' admin='True' author='True' contrib='True' user='False' anon='False'/> <svc:roleAction name='DeleteEntryOrMedia' admin='True' author='True' contrib='False' user='False' anon='False'/> <svc:roleAction name='PeekEntryOrMedia' admin='True' author='True' contrib='True' user='True' anon='True'/> <!-- Additional Actions --> <svc:roleAction name='GetFeed' admin='True' author='True' contrib='True' user='True' anon='True'/> <svc:roleAction name='GetAnnotations' admin='True' author='True' contrib='True' user='True' anon='True'/> <svc:roleAction name='Annotate' admin='True' author='True' contrib='True' user='True' anon='True'/> <svc:roleAction name='ApproveEntryOrMedia' admin='True' author='True' contrib='True' user='False' anon='False'/> <svc:roleAction name='ApproveAnnotation' admin='True' author='True' contrib='True' user='False' anon='False'/> <svc:roleAction name='RateEntryOrMedia' admin='True' author='True' contrib='True' user='True' anon='True'/> </svc:roleMatrix>