{% extends "base.html" %}
{% load i18n %}
{% block content %}
{% if title %}
<h2>{{ title }}</h2>
{% else %}
<h2>{% trans "Select the type of permission you want to add" %}</h2>
{% endif %}
{% if messages %}
<ul class="messages">
{% for message in messages %}
<li{% if message.tags %} class="{{ message.tags }}"{% endif %}>{{ message }}</li>
{% endfor %}
</ul>
{% endif %}
<ul>
<li class="bigbutton"><a class="bigbutton" href='/add_permission'>Add an IBAC or RBAC permission</a></li>
<li class="bigbutton"><a class="bigbutton" href='/add_abac_permission'>Add an ABAC permission</a></li>
</ul>
<p>
Choose here whether you want to add an IBAC or RBAC permission only, or an ABAC permission.
</p>
<p>
An IBAC or RBAC permission is delegable if you define it as such. This means that a user who is enabled as a self-administrator and is granted access through a delegable permission will be able to set a permission for another user on the 'what' and 'how' of that permission.
</p>
<p>
An ABAC permission is not delegable. This holds even though you can define ABAC permissions that are in fact IBAC or RBAC permissions. Indeed, ABAC_permission(Anybody, object_1, action_1, ABAC rule is PredicateRole(role_1)) is equivalent to RBAC_permission(role_1, object_1, action_1), and ABAC_permission(user_1, object_1, action_1, ABAC rule is empty) is equivalent to IBAC_permission(user_1, object_1, action_1). You must determine for yourself when this is the case and then define such permissions as IBAC or RBAC permissions.
</p>
<div class="right">
<a class="back" href="{{ backlink }}">{% trans "Back" %}</a>
</div>
{% endblock %}
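{% comment %}
Added example, not part of this project's code: a check for the two equivalences the help text above describes, so an ABAC permission that is really an IBAC or RBAC permission can be spotted and redefined in its delegable form. The class names, the ANYBODY constant and simplify() are hypothetical and only mirror the notation used in the help text.

```python
from dataclasses import dataclass

ANYBODY = "Anybody"  # wildcard subject, named as in the help text (assumed constant)


@dataclass(frozen=True)
class PredicateRole:
    role: str


@dataclass(frozen=True)
class AbacPermission:
    who: str
    what: str
    how: str
    rule: tuple = ()  # predicates that must all hold; empty tuple = empty rule


@dataclass(frozen=True)
class RbacPermission:
    role: str
    what: str
    how: str


@dataclass(frozen=True)
class IbacPermission:
    who: str
    what: str
    how: str


def simplify(p):
    """Return the equivalent IBAC/RBAC permission, or None if p is genuinely ABAC."""
    # ABAC(user, what, how, empty rule) == IBAC(user, what, how)
    if not p.rule and p.who != ANYBODY:
        return IbacPermission(p.who, p.what, p.how)
    # ABAC(Anybody, what, how, PredicateRole(r)) == RBAC(r, what, how)
    if (p.who == ANYBODY and len(p.rule) == 1
            and isinstance(p.rule[0], PredicateRole)):
        return RbacPermission(p.rule[0].role, p.what, p.how)
    # Everything else stays ABAC: a named user plus a role predicate requires
    # both conditions, and Anybody with an empty rule names no user or role.
    return None
```
{% endcomment %}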