3. Using the Security Infrastructure

3.1. Introduction

This chapter describes the security infrastructure from the developer point of view. For generatil details about security and its configuration see Chapter 13, Security Configuration.

The security management in cartoweb is separated in the following parts:

  • Management of the user/password/roles database. (SecurityContainer class in common/SecurityManager.php).
  • Management of user authentication (calling checkUser and setUser/setUserAndRoles in SecurityManager).
  • Granting access to objects based on the current roles.

3.2. Plugins Managing Security Database and Authentication

Point 1. and 2. in the previous section are the responsibility of specific plugins. For an example, see the auth plugin.

3.3. Plugins Granting or Denying Access to Objects/Features in CartoWeb

This point is the most important for plugin developers wanting to use the CartoWeb security mechanisms to allow or deny an access to a feature/object.

The plugin can call the method hasRole($roles) on the current security manager.

For an example, let's take the pdf plugin which has to restrict printing some formats only to allowed users.

in the .ini file, we could have:

formats.A4.allowedRoles = printers, admin

In the plugin, we can then check the permissions with:

in the routine building the available format list:
foreach($formats as $format) {

 ... add the format to the list ...
 $roles = $this->getRolesForFormat($format); //this should get it from the .ini
 if (!SecurityManager::getInstance()->hasRole($roles))
     continue; // skips unauthorized resolution for this user

  .. do the work with the format ...

in the routine handling the user passed parameters:

.. to the same check as above ..