Aspen:Permissions

From Aspen Documentation

Aspen supports user accounts, user groups, and user and/or group permissions on an interface, module, and method level.

The structure for these permission levels is currently available, functioning, and stable. We've built a sample user interface to manage user accounts and group assignments.

An additional interface for managing user permissions, groups, and group permissions is planned for 1.1. View bug 111 for more information.

Users

User accounts are stored in the authentication table. Each record holds the user's username, encrypted password, last login dates, etc. The record id of this entry is stored in the session as the user_id and is used in various functions for associating items with this user.

As of Aspen 1.0, the username should be an email address in order for the forgotten password system to function properly. This bug is detailed in bug 1257.

Groups

User groups are generic assignments of permissions. Group permissions automatically apply to all users within that group. Users may be in many groups.

Groups are defined in the groups table and may be any value you wish to use.

Group permissions that enable access will override those that disallow access. If a user is in one group that does not have permission to edit users, but is also in another group that does allow it, the user will have permission to edit users.

The order in which groups are applied to a user does not matter.

Permissions

Permissions are access rights that may be applied to an individual user, or a group.

There are three levels of control:

  • Application (interface)
  • Module
  • Method (page)

To allow access to all areas of a particular item, use an asterisk.

Below is a list of example permissions with a description of their effect.

| Interface | Module | Method | Description |
|---|---|---|---|
| * | * | * | Global access. User may access any application, module, and method using current database. |
| admin | * | * | Global access within "admin" application. User may access any module, and method within the "admin" interface application. |
| admin | Index_Admin | * | User may access any page within Index module only within "admin" application. |
| admin | Index_Admin | view | User may access only view method (page) within Index module only within "admin" application. |
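
The following is an added illustration of the rules described on this page, not code from Aspen itself. It models wildcard matching at the three levels and the "any allowing group wins" rule, and reports which source grants access so that a reviewer can trace an unexpected permission back to a group membership. All names, the sample data (including the Users_Admin module), and the default-deny behaviour when nothing matches are assumptions.

```python
# Added illustration, not Aspen source code. All names here are hypothetical.
from typing import Dict, List, NamedTuple, Set

WILDCARD = "*"


class Grant(NamedTuple):
    interface: str
    module: str
    method: str

    def covers(self, interface: str, module: str, method: str) -> bool:
        # Each level matches on an exact name or on the asterisk wildcard.
        wanted = (interface, module, method)
        return all(have in (WILDCARD, want) for have, want in zip(self, wanted))


# Constructed sample data: grants held directly by users and by groups.
USER_GRANTS: Dict[str, Set[Grant]] = {
    "root@example.com": {Grant("*", "*", "*")},
}
GROUP_GRANTS: Dict[str, Set[Grant]] = {
    "viewers": {Grant("admin", "Index_Admin", "view")},
    "user_admins": {Grant("admin", "Users_Admin", "*")},
}
MEMBERSHIPS: Dict[str, List[str]] = {
    "alice@example.com": ["viewers", "user_admins"],
    "bob@example.com": ["viewers"],
}


def granting_sources(user: str, interface: str, module: str, method: str) -> List[str]:
    """Return every source ("user" or "group:<name>") whose grant covers the request."""
    sources = []
    if any(g.covers(interface, module, method) for g in USER_GRANTS.get(user, ())):
        sources.append("user")
    for group in MEMBERSHIPS.get(user, ()):
        grants = GROUP_GRANTS.get(group, ())
        if any(g.covers(interface, module, method) for g in grants):
            sources.append("group:" + group)
    return sorted(sources)  # sorted: membership order must not affect the result


def is_allowed(user: str, interface: str, module: str, method: str) -> bool:
    # Assumed default deny: access exists only if at least one source grants it.
    return bool(granting_sources(user, interface, module, method))
```

Because one allowing group is enough, removing a user from a restrictive group never reduces access; an audit has to look at every source returned by `granting_sources`.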