Forum OpenACS Development: Re: Idea: Give every package_id an application group

Collapse
Posted by Dave Bauer on
Tom,

Good point. There are Tcl procs to do this already.

My goal was to make it simpler to accomplish a common goal, and to define a best practice. We have too many different ways to do things, and no clear path to accomplish common things.

Tom asked "... how are admin permissions granted on package objects in the usual case? Is there a document that suggests usage of context_id, etc.?"

As far as I can tell, there is no common way to do this.

I believe the common case is to grant admin manually over a subsite, or a package, or as a shortcut, many sites have one person who admins everything, so he is just site wide admin, reducing the need for specific permissions.

I have a case where I need folks to be admin over just this one package, and i need to also give the admins of this package permissions over a few other objects. The ability to take a subset of users and grant them permissions over a few random objects outside the package is the reason to use a relational segment. I can add users to the relationsl segment and I don't have to track down every random object they need admin over.

Collapse
Posted by Malte Sussdorff on
I thought the "common practice" was to give admin on the package_id if you want it on package level, or per subsite if you want to spawn across multiple packages.

Creating an application group per package by default seems to be a little bit overkill to me, though for your example it makes perfect sense. The question would be, how common is your example...