Forum OpenACS Development: Re: XoTCL permissions
We did some work in this direction over the last years (see e.g. the following publication)_
G. Neumann, M. Strembeck: Design and Implementation of a Flexible RBAC-Service in an Object-Oriented Scripting Language, in: Proc. of the 8th ACM Conference on Computer and Communication Security (CCS), Philadelphia, USA, November, 2001. http://wi.wu-wien.ac.at/home/mark/publications/ccs01.pdf
The implementation is available from Mark Strembeck's home-page: http://wi.wu-wien.ac.at/home/mark/xoRBAC/index.html
The only thing I guess I was wondering about is if XoTCL Core provides a functionality to check by default the permissions on objects. Therefore, if I want to retrieve object_id 2345 it will first check if I have read permission before allowing me to access it.
In OpenACS this is not possible by default, I need to call "permission::permission_p -object_id 2345 -privilege read". My understanding was that this generic approach could be easily adopted in XoTCL, effectively leaving no object without permissions (by having the filter call permission::permission_p for me on all objects). Does this make more sense?
Thanks for the links, I will look into them in detail later this weekend. And yes you are right, I was not talking about the xowiki policies. Out of curiosity, why did you not base them on xoRBAC? Or should I first read the whole documentation before asking the question as you might have done so?