The security infrastructure for the online community is actually very simple, but it provides a very easy-to-use system for members.
In later chapters, we will look at some ways in which the security system can be adjusted to give us different behaviors we might want to use.
The core online community security system takes responsibility for
Authenticating members (that is, enabling them to log in)
Controlling access to the Member Settings page (so only logged-in members can access it)
Controlling access to the administration system (so only members who are marked as administrators can access it)
Enabling modules to access the currently logged-in member
Each module is then responsible for controlling how users can read and write module-specific data. They do this by accessing the currently logged-in member's details and using them to make decisions about what should be shown to the current user.
This system allows maximum flexibility for modules. It means we can have modules that only allow the member who owns them to input data (for example, the News module) and also modules that allow any user to enter data (for example, a Visitors Book module). Reading and writing of data can be separately restricted to any of the following types of users:
The member who owns the module
The other advantage to allowing modules to do their own security checks is that their user interface can adapt to different users. A good example is the News module. When no member is logged in, or when a member who does not own the News module being viewed is logged in, the module simply displays the news items. When the member who owns the module instance is logged in, the module displays the items, but with an Edit link for each. The member does not need to visit a special page to edit their news itemsthe option is right there where the items are displayed.