Home
The Toolkit for Online Communities
17599 Community Members, 2 members online, 2593 visitors today
Log In Register
OpenACS Home : Forums : OpenACS Development : Ideas for using groups to minimize custom permission : One Message

Forum OpenACS Development: Re: Ideas for using groups to minimize custom permission

Collapse
Posted by Lars Pind on
Ok, I think I complicated matters unnecessarily by mentioning the single-row optimization. Forget about that, and let's concentrate on one thing at a time.

Requirement:
------------

- I want to grant 'admin' on all news items to user x.

Dave's Design:
--------------

Create a site-wide "News" group, etc. -- see above.

My conceptual design proposal:
------------------------------

Instead of thinking of this as granting privs on *packages* think about it as granting privs on *objects*.

What you want to do is grant 'admin' on all objects of type 'news_items'.

One possible implementations:
-----------------------------

Add a column 'object_type' to the acs_permissions table, which defaults to 'acs_object', menaning this permission is granted on all object types.

Change the permissions check procs/views to also check whether the object in question is a subtype of the value of object_type column in the acs_permissions table.

... there are other possible implementations, if you agree with me on the conceptual design.

Comments?