Access Control - Tizra/Tizra-Customer-Tracker GitHub Wiki

Access Control

Access control in Tizra is based, like all access control systems, on the user identity (User), and the content being accessed (Content), as well as type of operation the User is attempting to perform. In Tizra, operations are almost basically "read" operations that generate a web page. However, each page template can be individually controlled because it has a ViewId associated with it. File downloads also have unique ViewIds, allowing individual attachment areas (and PDF downloads) to be explicitly controlled. This is how, for instance, a book can have teacher-only resources stored in it without giving answers to students.

The final result of a user request depends on site settings, as well as the particular User and the (Content and ViewId of their request).

The following summarizes some of the basic facts in bullet form:

  • User is a Tizra account. Without special configuration a being logged in as a User does not grant any special access not granted to sessions where no user is logged in.
    • A User can have a License, which grants access to particular views of an object.
    • A User may also be a member of one or more Account Sets based on the tags in the user account's properties. Account Sets can also have associated licenses.
    • Standard site configurations include an All Users Account Set, which can be used to grant privileges to everyone with a valid login.
    • In single sign-on (SSO) implementations, a Tizra account is created and/or updated at login.
  • Sessions with no logged in User may have privileges granted to them, by means of special Account Sets requiring one of the tags NOT_LOGGED_IN or LOGGED_OUT. (The two tags function identically, and the duplication is simply a historical quirk).
  • The Home Page of a site represents the whole site, but is also a piece of Content itself. Many standard ViewIds are typically handled by directly by the site. However, as the home page also "owns" all content, one must be very careful in adjusting the global access privileges.
  • The ViewId may appear in the URL:
    • as a final component preceded by a tilde ~, e.g. ~registerUser;
    • downloads and site assets are usually represented by a viewID with two tildes ~~ based on the name of the source or attachment area, e.g. ~~Attachments/download.xls, ~~PdfSource/0
  • The ViewId for a request may be determined by the server based on various checks, as for instance, ~accessDenied, which is normally not visible in the URL, and which represents the page displayed when an attempt is made to access something to which a user does not have access.
  • If the URL does not contain a tizra-id or custom URL for a piece of content, the view is applied to the Site Object.
  • If no view is specified, the view used is ~toc or ~default.

View Ids

Here are some generally useful ViewIds that don't show up in URLs, but are good to know:

  • sourceDownload: Ability to download an entire document.
  • pdfdownload: Ability to download a PDF file created for an Excerpt of the document.
  • attachment/FreeAttachments, attachment/Attachments: All sources (attachment areas) have a unique view. All individual files in a source have the same access rules.
  • printview: ability to go to the reader "print page" function, which allows printing multiple pages.
  • page: Ability to view the content in the reader, by viewing pages.

Site access control options

Site settings for access control (and modifications to them) are all based on two lists. Items in each list are patterns that are matched against the view that the server is attempting to deliver.:

  • freeUserViews: a list of views that are explicitly permitted.
  • restrictedUserViews: a list of views that must be authorized by a License, which must be attached to either the User or an active Account Set.

There are several types of patterns in the free and restricted lists:

  • A simple pattern matches a viewId directly, e.g. searchResults, passwordHelp, toc.
  • A complex ViewId (containing a /). Currently these are only used for access to files, e.g. attachment/FreeAttachments attachment/Attachments. Note that the simple pattern FreeAttachments will also match requests for attachment/FreeAttachments, and the simple pattern attachment will match all sources/attachment sreas.
  • A type-restricted ViewId (containing a :). These match only if the MetaType of the object matches the bit before the colon, e.g. StaticPage:toc
  • A wildcard pattern:
    • *, which matches all or many views, e.g. * matches all views,
    • Post:* matches all views on a blog post, based on the meta-type.

The selection of site access options in the Site Settings allows a choice between four preconfigured options, with different free and restricted views:

  • open (no restrictions)
    • freeUserViews: *; this matches all views; see below for a list of the standard views.
    • restrictedUserViews: "" An empty value, representing no restrictions.
  • block access to documents only (unauthorized visitors can see site pages and abstracts but not documents):
    • freeUserViews: Generally free views (see below) + searchResults, advancedSearch, bookindex, titleindex, commerce, contactUs, redeem, redeemCode, ~redeemCode, attachment/CoverImage, attachment/PropSource, registerUser, SiteDisplay:toc, SiteDisplay:default, commerce, stream, redeem, redeemCode, ~redeemCode, StaticPage:toc, StaticPage:default.
    • restrictedUserViews: * By default, all views are restricted unless specifically enabled above.
  • block access to documents and metadata (unauthorized visitors can see site pages only)
    • freeUserViews: Generally free views (see below) + registerUser, SiteDisplay:toc, SiteDisplay:default, commerce, stream, redeem, redeemCode, ~redeemCode, StaticPage:toc, StaticPage:default.
    • restrictedUserViews: * By default, all views are restricted unless specifically enabled above.
  • private (everything is restricted to unauthorized users, including the home page)
    • freeUserViews: "" An empty value, representing no free views at all.
    • restrictedUserViews: *; this matches all views.

How the site view access options change for particular Users or Content:

Licenses and individual objects affect the site's default access control settings by either extending access or restricting it further. Licenses Will grant access to all views of an object, except for an explicit list of ViewIds. Tizra default Offers will only restrict SourceDownload.

If an object has a freeUserViews property, site restrictions will be removed for any views matching one of these values. This will extend access, just for this particular object.

If an object has a restrictedUserViews property, views matching these patterns will be restricted for that object, even if the site would normally allow the ViewId for other objects.

If a site has the freeUserViews or restrictedUserViews (or both) set as an advanced property, they will modify the standard access settings made by the standard site access control.

Generally free views

These are only restricted in the No Access site setting:

css, passwordHelp, passwordhelp, logout, accessDenied, userInfo, userLicenses, attachment/FreeAttachments, activeAdminLoginForm, activeLogin, editUserInfo, editUserPersonalization, userPersonalization, passiveLogin, refresh, generateValidationCallback, SSOlogin, remoteAccess, thumbNail, userOrderHistory