Roles & Capabilities

padams edited this page Jan 28, 2015 · 2 revisions

OWA provides developers with a built-in permission and authentication framework. Every OWA use is assigned a role. A role in turn provides the user wit ha collection of capabilities. Capabilities are mapped to controllers.

Logic is as follows:

  • User makes a request to "do" something.
  • OWA evaluates the "do" and creates the corresponding controller.
  • OWA checks the required capability of the controller
  • OWA checks the role of the user to see if it has the required capability
  • if the user possesses the necessary capability, then all proceeds
  • if not, the user is directed to the login page or an error page if already authenticated by a plugin

Roles

OWA implements a number of default roles that can be assigned to users. See roles for more information.