
Security concept based on Talos

This section about 'Authorization' is addressed to developers who intend to customize Tiny Marbles CMS. The basic authorization concept of Tiny Marbles uses 'Zone', 'Group' and 'User'. The user inherits the permissions of the group, and the group inherits the permissions of the zone. Groups can be organized as a group tree: a user is assigned to a group node and inherits the permissions of that node. The user also automatically inherits all permissions of the parent group nodes. It is therefore enough to grant permissions to the root group if all users of a particular tree should have the same permissions. In your code you simply pass the user, group and zone information of the signed-in user to Talos and ask whether an action is allowed for that user. Actions could be, for example, 'create an article', 'delete a user' or 'upload an image'.


  • You can grant or revoke permissions on the entities Zone, Group or User.
  • To check whether 'create article of the type HTML' is allowed for a signed-in user, you would write the following code using Talos: talos.withSubjectOr('Zone','Group01','Group02', 'User').andCategory('Article HTML').isAllowed('Create Article HTML');
  • The permissions of 'Zone', 'Group01', 'Group02' and 'User' are combined with 'OR': if at least one of these items has the permission 'create' on 'articles', the return value is 'true'.
  • This behaviour is what gives the user management its inheritance. For example: we grant 'create' for the category 'articles' to the whole zone. Each member of the zone is then allowed to 'create' new 'articles', even if the user does not hold the permission directly.
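
The following Java sketch is an added example, not code from Tiny Marbles or Talos: it models the OR rule and the group-tree inheritance described above, using hypothetical class and method names and a constructed user 'alice'. It assumes that revoking means removing a grant, so a grant held by a parent group or the zone still applies after the user's own grant is removed.

```java
import java.util.*;

// Added illustration: a stand-alone model of the OR semantics described above.
// It does not use or reproduce the Talos API; all names here are hypothetical.
public class OrAuthorizationModel {
    private final Map<String, String> parentOf = new HashMap<>();    // group -> parent group
    private final Map<String, Set<String>> grants = new HashMap<>(); // subject -> "category|action"

    void addGroup(String group, String parent) { parentOf.put(group, parent); }

    void grant(String subject, String category, String action) {
        grants.computeIfAbsent(subject, k -> new HashSet<>()).add(category + "|" + action);
    }

    void revoke(String subject, String category, String action) {
        Set<String> held = grants.get(subject);
        if (held != null) held.remove(category + "|" + action);
    }

    // Subjects checked for a user: the zone, the user's group node plus all ancestors, the user.
    List<String> subjectsFor(String zone, String groupNode, String user) {
        List<String> subjects = new ArrayList<>(List.of(zone));
        Set<String> seen = new HashSet<>(); // stops the walk if the group tree contains a cycle
        for (String g = groupNode; g != null && seen.add(g); g = parentOf.get(g)) subjects.add(g);
        subjects.add(user);
        return subjects;
    }

    // OR combination: allowed as soon as one subject in the list holds the grant.
    boolean isAllowed(List<String> subjects, String category, String action) {
        String key = category + "|" + action;
        return subjects.stream().anyMatch(s -> grants.getOrDefault(s, Set.of()).contains(key));
    }

    public static void main(String[] args) {
        String cat = "Article HTML", act = "Create Article HTML";
        OrAuthorizationModel m = new OrAuthorizationModel();
        m.addGroup("Group02", "Group01");            // Group01 is the root node
        m.grant("Group01", cat, act);                // granted once, at the root
        List<String> alice = m.subjectsFor("Zone", "Group02", "alice"); // constructed user
        System.out.println(m.isAllowed(alice, cat, act)); // inherited through Group01
        m.grant("alice", cat, act);
        m.revoke("alice", cat, act);                 // removes only the user's own grant
        System.out.println(m.isAllowed(alice, cat, act)); // Group01's grant still applies
        m.revoke("Group01", cat, act);               // access ends once no subject holds it
        System.out.println(m.isAllowed(alice, cat, act));
    }
}
```

When auditing why a user can perform an action under this rule, every subject in the list has to be inspected, not only the user entry.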


Talos: Authorization Engine

From a developer's point of view, Talos is an authorization engine designed for easy and efficient management of access rights. You can check access rights and change them in single-line commands, directly from the code, without dealing with external XML, policy files, or the classpath. Further information about Talos:

PDF: Talos - An Expressive Authorization Engine

Check out the project Talos on SourceForge.