Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

Overview

Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of the user.

How to enforce

Authentication (AuthN)

The authentication process is handled by including the /include/authenticate.php file on every page that needs to be available to authenticated users (including anonymous).

Authorization (AuthZ)

ResourceSpace provides access control using a group membership mechanism where a user can belong to only one user group at a particular point in time. Each user group has permissions to different parts/functions of the system (e.g edit/view fields, download resources).

The low level function used to verify if a user has a particular permission is checkperm($perm).