N°1248 - User Management Portal

* Added a new grant_by_profile category that allows to manage certain classes in addition to bizmodel with user profiles.
* The following classes have the new grant_by_profile category:
    User, UserInternal, UserLocal, UserLDAP, UserExternal, URP_UserProfile, URP_UserOrg
* For these classes, it is possible to manage access rights with user profiles for non-administrators.
* For these classes, the default behavior of SELECT requests changes from allowed to forbidden.
* For user profiles, the default behavior '*' is limited to the bizmodel category to keep the previous behavior of profiles, i. e. for classes in the grant_by_profile category, rights (including READ) must be given explicitly.
* New constraints have been added, so only an administrator can manage (attach or detach) the 'Administrator' profile.

SVN:trunk[5298]

datamodels/2.x/authent-local/model.authent-local.php

@@ -32,7 +32,7 @@ class UserLocal extends UserInternal
 	{
 		$aParams = array
 		(
-			"category" => "addon/authentication",
+			"category" => "addon/authentication,grant_by_profile",
 			"key_type" => "autoincrement",
 			"name_attcode" => "login",
 			"state_attcode" => "",