Roles and Capabilities
OWA provides developers with a built-in permission and authentication framework. Every OWA use is assigned a role. A role in turn provides the user wit ha collection of capabilities. Capabilities are mapped to controllers.
Logic is as follows:
- User makes a request to "do" something.
- OWA evaluates the "do" and creates the corresponding controller.
- OWA checks the required capability of the controller
- OWA checks the role of the user to see if it has the required capability
- if the user possesses the necessary capability, then all proceeds
- if not, the user is directed to the login page or an error page if already authenticated by a plugin
OWA implements a number of default roles that can be assigned to users. See roles for more information.