StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
12220778
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-08-31T18:29:30.983
FavoriteCount
0
LastActivityDate
2012-08-31T18:29:30.983
LastEditDate
LastEditorUserId
0
OwnerUserId
1596335
ParentId
11520448
PostTypeId
2
Score
7
ViewCount
0
LastEditorDisplayName
text
Body
I will provide a brief descriptions of how to use the Authorization, however more detailed information would need to be inferred by reviewing SocialEngine's code. As a note, while we don't compile documentation for SocialEngine, our developers have used the PHPDocumentor style syntax through out our code and you can use an IDE like Neatbeans (http://netbeans.org/) to quickly access that information. SocialEngine has a few controller action helper classes that are used for query authorization within action controllers: <ul> <li>application/modules/Authorization/Controller/Action/Helper/RequireAuth.php</li> <li>application/modules/Core/Controller/Action/Helper/RequireAbstract.php</li> <li>application/modules/Core/Controller/Action/Helper/RequireAdmin.php</li> <li>application/modules/Core/Controller/Action/Helper/RequireSubject.php</li> <li>application/modules/Core/Controller/Action/Helper/RequireUser.php</li> </ul> For the most part the only ones you'll concern yourself with are these: <ul> <li>application/modules/Authorization/Controller/Action/Helper/RequireAuth.php</li> <li>application/modules/Core/Controller/Action/Helper/RequireSubject.php</li> <li>application/modules/Core/Controller/Action/Helper/RequireUser.php</li> </ul> A good example of how these helpers are used can be found in the Album_AlbumController class: application/modules/Album/controllers/AlbumController.php <pre><code>public function init() { if( !$this->_helper->requireAuth()->setAuthParams('album', null, 'view')->isValid() ) return; if( 0 !== ($photo_id = (int) $this->_getParam('photo_id')) && null !== ($photo = Engine_Api::_()->getItem('album_photo', $photo_id)) ) { Engine_Api::_()->core()->setSubject($photo); } else if( 0 !== ($album_id = (int) $this->_getParam('album_id')) && null !== ($album = Engine_Api::_()->getItem('album', $album_id)) ) { Engine_Api::_()->core()->setSubject($album); } } public function editAction() { if( !$this->_helper->requireUser()->isValid() ) return; if( !$this->_helper->requireSubject('album')->isValid() ) return; if( !$this->_helper->requireAuth()->setAuthParams(null, null, 'edit')->isValid() ) return; </code></pre> The code in the init function simply set's the requirements for accessing the page, and then within the editAction function, checks are ran against the authorization data. The requireSubject and requireUser helpers are pretty straight forward: <ol> <li>requireSubject expects that subject for the page is set which in the above example gets done in the init function </li> <li>requireUser checks to see if the viewer is a logged in user</li> </ol> The requireAuth helper is a little less straight forward. I'll omit most of the abstract inner-workings for the sake of brevity. In the end, the helper points to the Authorization_Api_Core::isAllowed function: application/modules/Authorization/Core/Api.php <pre><code>/** * Gets the specified permission for the context * * @param Core_Model_Item_Abstract|string $resource The resource type or object that is being accessed * @param Core_Model_Item_Abstract $role The item (user) performing the action * @param string $action The name of the action being performed * @return mixed 0/1 for allowed, or data for settings */ public function isAllowed($resource, $role, $action = 'view') </code></pre> The $resource and $role objects that the function expects are instances of Zend_Db_Table_Row which is termed Models within SocialEngine and are expected to be located in the Models directory of a module. When the isAllowed function is invoked, the authorization api will query the database against the engine4_authorization_allow, engine4_authorization_levels and engine4_authorization_permissions tables. <ol> <li>The engine4_authorization_levels table contains the member levels created by SocialEngine out of the box, as well as custom member levels created from the Manage > Member Levels section in the admin panel.</li> <li>The engine4_authorization_permissions table contain all the default and admin specified permission handling, such as member level settings. </li> <li>The engine4_authorization_allow contains the the permission data for individual objects. For example information about who is able to view a photo album would be placed there. Whether or not a engine4_authorization_allow.role_id (maps to item id for a model) is allowed to access the engine4_authorization_allow.resource_id (maps to item id for a model) is determined by the engine4_authorization_allow.value column which should contain a number 0-5.</li> </ol> application/modules/Authorization/Api/Core.php <pre><code>class Authorization_Api_Core extends Core_Api_Abstract { /** * Constants */ const LEVEL_DISALLOW = 0; const LEVEL_ALLOW = 1; const LEVEL_MODERATE = 2; const LEVEL_NONBOOLEAN = 3; const LEVEL_IGNORE = 4; const LEVEL_SERIALIZED = 5; </code></pre> 0) Not allowed to access the linked resource. This is the same as the row not existing in the allow table 1) Allowed too access the linked resource 2) Allowed to access and moderate resources (ie. Superadmin, Admin and Moderator member level) 3-5) Get ignored as disallowed. These expect some custom logic in order to handle authorization appropriately.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POUnderstanding user permissions and how to apply it
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USSocialEngine
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POUnderstanding user permissions and how to apply it
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.