Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: <

...

Code Block
xml
xml
linenumberstrue
<!-- Set deny as default, but now we have to make sure we set access explicitly for everything -->
<!-- we don't really need to do this since it happens as soon as we create an ACL, but for completeness... -->
<acl:acl id="acl.default">
        <entry type="deny">*</entry>
</acl:acl>

<!-- Create a private ACL, but fall back to acl.default -->
<!-- ROLE_ADMINISTRATOR will be allowed -->
<!-- anyone else will fall back to acl.default -->
<acl:acl id="private">
        <entry type="allow">ROLE_ADMINISTRATOR</entry>
</acl:acl> 

<!-- Create an internal ACL, but fall back to acl.default -->
<!-- ROLE_ADMINISTRATOR and ROLE_USER will be allowed -->
<!-- anyone else will fall back to acl.default -->
<acl:acl id="internal">
        <entry type="allow">ROLE_ADMINISTRATOR</entry>
        <entry type="allow">ROLE_USER</entry>
</acl:acl>

<acl:acl id="anyone">
        <entry type="allow">*</entry>
</acl:acl>

<!-- now we have to explicitly grant access to roads and property -->
<entity:entity id="road">
        <label>Road</label>
        <acl:acl id="anyone"/>
</entity:entity>

<entity:entity id="property">
        <label>Property</label>
        <acl:acl id="anyone"/>
</entity:entity>

<entity:entity id="rates">
        <label>Rates</label>
        <acl:acl id="internal"/>
</entity:entity>

<entity:entity id="users">
        <label>Users</label>
        <acl:acl id="private"/>
</entity:entity>

Example recommended default acl usage for internal Weave instance

Code Block
xml
xml
linenumberstrue

	<!-- Setup the default acl so that users have to be logged in before they can access the system -->
	<!-- but they still have access to everything that they haven't explicitly been denied access to with other acl's -->
	<acl:acl id="acl.default">
		<entry type="deny">anonymous</entry>
		<entry type="allow">*</entry>
	</acl:acl>

	<!-- For items that only planners should have access to -->
	<acl:acl id="planners">
		<entry type="allow">ROLE_PLANNERS</entry>
		<entry type="deny">*</entry>
	</acl:acl>

	<!-- For items that only engineers should have access to -->
	<acl:acl id="engineers">
		<entry type="allow">ROLE_ENGINEERS</entry>
		<entry type="deny">*</entry>
	</acl:acl>