ullright Access Control

The ullright access control system is based on users, groups and permissions.

Users are organized in groups, and groups have permissions.

 

Entity relation diagram for ullCore

 

 

ullsfActions::checkPermission($permission)

The default way to protect an (symfony) action is to check for a certain permission.

 

Example for the ullWiki edit action:

// File plugins/lib/ullWikiPlugin/modules/ullWiki/lib/BaseUllWikiActions.class.php
  
  public function executeEdit($request)
  {
    $this->checkPermission('ull_wiki_edit');
    ...
  }   

The checkPermission() method explained:

  • First it checks if a user is logged in. If not, it redirects to the login action.
  • If a user is logged in, it checks the access for the given permission "ull_wiki_edit".
  • If the user doesn't have the required permission a "no access" page is displayed.
  • Otherwise it displays the desired page.

 

The permission "ull_wiki_edit" must be defined in the table "UllPermission".