1 | | TBD |
| 1 | = !MapGuide RFC 20 - Concurrent FDO provider connections = |
| 2 | |
| 3 | This page contains a change request (RFC) for the !MapGuide Open Source project. |
| 4 | More !MapGuide RFCs can be found on the [wiki:MapGuideRfcs RFCs] page. |
| 5 | |
| 6 | |
| 7 | == Status == |
| 8 | |
| 9 | ||RFC Template Version||(1.0)|| |
| 10 | ||Submission Date||May 7, 2007|| |
| 11 | ||Last Modified||Trevor Wekel [[Timestamp]]|| |
| 12 | ||Author||Trevor Wekel|| |
| 13 | ||RFC Status||not ready for review|| |
| 14 | ||Implementation Status||not implemented|| |
| 15 | ||Proposed Milestone||1.2|| |
| 16 | ||Assigned PSC guide(s)|||| |
| 17 | ||'''Voting History'''|||| |
| 18 | ||+1|||| |
| 19 | ||+0|||| |
| 20 | ||-0|||| |
| 21 | ||-1|||| |
| 22 | |
| 23 | == Overview == |
| 24 | |
| 25 | This RFC exposes existing functionality within !MapGuide to allow the MapGuide session identifier to be used to obtain userid, group, and role information for the user associated with the session identifier. |
| 26 | |
| 27 | == Motivation == |
| 28 | |
| 29 | User, group and role information has to be currently maintained by the web applications. Adding this functionality will make web applications easier to develop and has been requested by a number of users. |
| 30 | |
| 31 | == Proposed Solution == |
| 32 | |
| 33 | |
| 34 | Expose the API: |
| 35 | |
| 36 | STRING MgUserInformation::GetUserName() |
| 37 | |
| 38 | MgByteReader* MgSite::EnumerateGroups( CREFSTRING user, CREFSTRING role ); |
| 39 | MgStringCollection* MgSite::EnumerateRoles( CREFSTRING user, CREFSTRING group ); |
| 40 | |
| 41 | |
| 42 | Make the following internal changes: |
| 43 | |
| 44 | Append the username (hex encoded) to the session identifier when it is created. Modify permissions on EnumerateGroups and EnumerateRoles so that a user can enumerate his own groups and roles. |
| 45 | |
| 46 | == Implications == |
| 47 | |
| 48 | This RFC is strictly an API enhancement. Having the userid contained in the session identifier makes MapGuide a little less secure. However, stealing a session identifier will compromise the user so the damage has already been done. |
| 49 | |
| 50 | == Test Plan == |
| 51 | |
| 52 | Write a simple app to verify that standard users can access their own groups and roles. Also validate that non-Author and non-Admin users do not have access to other groups and roles. |
| 53 | |
| 54 | == Funding/Resources == |
| 55 | |
| 56 | Autodesk to provide resources / funding. |