Secure configuration
Activity

Marc Johnson March 16, 2023 at 5:09 PM
Thanks for adding to the documentation

Mike Taylor March 16, 2023 at 4:29 PM (Edited)
I added the substance of the explanatory comment as a new Appendix A to the existing document Porting your module from mod-configuration to mod-settings.

Mike Taylor March 2, 2023 at 3:25 PM (Edited)
Thanks, Marc, good to know. Yes, at present mod-ldp stores stuff like database connection details in its own very simple key-value facility at /ldp/config. We should probably switch that to use mod-settings when we have the spare time.

Marc Johnson March 2, 2023 at 1:11 PM
Thanks for your responses.
Yes, granular permissions for accessing configuration information is one of the goals of mod-settings. And, yes, the way this is done is by defining scopes.
That is good to know.
The first module to use this was ui-ldp (not mod-ldp!)
I'm not sure it completely answers your questions but this PR in ui-ldp that implements the use of mod-settings
Ah, that's helpful. I guess I misunderstood what settings were going to be stored. I thought it was going to be the database configuration for LDP and I assumed that meant mod-ldp.
I hope that gives your colleagues all they need to get started — if not, they are welcome to ping me directly, or leave a further comment on this issue. (Once this is resolved, I will write up the results as a HOWTO document in the mod-settings repository.)
Much appreciated, thanks, I think the example is probably enough for me and the folks who I've been talking to.

Mike Taylor March 2, 2023 at 10:48 AM
Hi, . Yes, granular permissions for accessing configuration information is one of the goals of mod-settings. And, yes, the way this is done is by defining scopes.
The first module to use this was ui-ldp (not mod-ldp!)
The package file defines four permissions: read and write for each of two scopes, which are named ui-ldp.admin (for setting things like the default number of records requested) and ui-ldp.queries (for loading and saving queries).
The settings page that maintains record-limits does so by invoking <ConfigManager> with scope="ui-ldp.admin" — the invocation works because that component has been extended to work with mod-settings as well as mod-configuration.
Those settings are loaded by fetching /settings/entries?query=(scope=="ui-ldp.admin" and key=="config").
A query is saved by POSTing (for a new query) or PUTting (to overwrite an existing one) to /settings/entries a settings record that has scope: 'ui-ldp.queries'.
Saved queries are loaded by fetching /settings/entries?query=scope=="ui-ldp.queries"
I hope that gives your colleagues all they need to get started — if not, they are welcome to ping me directly, or leave a further comment on this issue. (Once this is resolved, I will write up the results as a HOWTO document in the mod-settings repository.)
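
The scoped requests described in the comment above, as an added example that is not part of the original thread and is not code from ui-ldp or mod-settings. The scope names, the key "config" and the /settings/entries path come from the comment; the helper names, the record fields other than scope and key, and the constructed sample values are assumptions.

```javascript
// Added illustration; helper names are hypothetical, not ui-ldp or mod-settings code.

// Escape the characters that are special inside a quoted CQL term, so that a
// key taken from user input (for example a saved-query name) cannot close the
// quoted string and change which scope the query selects.
function cqlQuote(value) {
  return '"' + String(value).replace(/[\\"*?^]/g, '\\$&') + '"';
}

// Path for loading entries from exactly one scope, optionally one key.
function entriesPath(scope, key) {
  const terms = [`scope==${cqlQuote(scope)}`];
  if (key !== undefined) terms.push(`key==${cqlQuote(key)}`);
  const cql = terms.length > 1 ? `(${terms.join(' and ')})` : terms[0];
  return `/settings/entries?query=${encodeURIComponent(cql)}`;
}

// Body for saving a query. The scope is a constant chosen by the caller,
// never copied from user input. Fields id and value are assumed names.
function queryRecord(id, name, value) {
  return { id, scope: 'ui-ldp.queries', key: name, value };
}

// Defence in depth on the client: keep only entries whose scope is the one
// that was asked for, whatever the response contains.
function onlyScope(entries, scope) {
  return entries.filter((entry) => entry.scope === scope);
}

// Constructed sample usage (values are made up for the example).
const adminConfigPath = entriesPath('ui-ldp.admin', 'config');
const savedQueriesPath = entriesPath('ui-ldp.queries');
const sampleRecord = queryRecord('00000000-0000-4000-8000-000000000001',
  'overdue-loans', { table: 'loans', limit: 100 });
```

Permission checks for each scope are still enforced on the server; the escaping and the scope filter only keep the client from building or trusting a request wider than it intended.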

Description
As discussed in MODCONF-131, we are proceeding in the short term with the approach outlined in https://github.com/MikeTaylor/folio-docs/blob/main/doc/fixing-mod-configuration.md to closing the gaping security hole in mod-configuration. (We leave open the possibility of a different scheme becoming the recommended one across FOLIO once a broader discussion has completed.)