Ownership and anonymous objects
When an object in the Siteframe Beaumont database is owned by a user, this means, in practice, that the table has a something_user_id column that is a foreign key back to the user table. In the class definition for the object, there is also a metadata field, "owner", that holds the name of the owner ID column. Finally, an internal method authorized() determines which users are authorized to access a particular object. This method can be overridden to provide specific authorization capabilities.
Ownership confers a number of privileges; specifically, the owner of an object always has the ability to save, modify, or delete an object, whether that object is a folder, a page, or something else. Likewise, a site administrator also has those same privileges. Other privileges may be granted by the owner: for example, a folder can have an access control list that determines which users are allowed to post pages in that folder. In the future, more sophisticated authorization() functions may be provided.
Some objects in the database do not have a specific owner. These are called anonymous objects; in essence, they can be created by anyone (even, potentially, a non-logged-in user), and are owned by the site administrator. For example, a user can create an RSS feed object by referencing it in a Smarty function from a custom template page. However, once that feed object is created, it can only be modified or deleted by the site administrator. Likewise, a plugin developer might create a feature to support anonymous comments; in this case, the comment can only be edited or deleted by the site administrator, since it has no official "owner."
Ownership confers a number of privileges; specifically, the owner of an object always has the ability to save, modify, or delete an object, whether that object is a folder, a page, or something else. Likewise, a site administrator also has those same privileges. Other privileges may be granted by the owner: for example, a folder can have an access control list that determines which users are allowed to post pages in that folder. In the future, more sophisticated authorization() functions may be provided.
Some objects in the database do not have a specific owner. These are called anonymous objects; in essence, they can be created by anyone (even, potentially, a non-logged-in user), and are owned by the site administrator. For example, a user can create an RSS feed object by referencing it in a Smarty function from a custom template page. However, once that feed object is created, it can only be modified or deleted by the site administrator. Likewise, a plugin developer might create a feature to support anonymous comments; in this case, the comment can only be edited or deleted by the site administrator, since it has no official "owner."
