Forum OpenACS Q&A: SDM Changes: Need feedback

2: SDM Changes: Need feedback (response to 1)
Posted by Roberto Mello on
The changes I have made to SDM basically deal with the way permissions are done. I don't understand everything behind the system but this is what I thought:

  • Teams are created (e.g., teamA, teamB)
  • Users are assigned to Teams
  • Packages are assigned to Teams (e.g., cms -> teamA, templating -> teamB)
  • Project admin assigns members to roles (e.g., John (teamA) -> internal)
  • Project admin assigns actions to roles (e.g., internal members can view project, edit project and fix issue; external can view project only)

Therefore:

  • Members of the team that owns the package (granted that they have "view_project" permission) should be allowed to view the project _even_ if the project is not public.
  • By having packages assigned to teams we won't have to create a team for every new package.
  • This will give us better granularity on the permissions and more flexibility.

To accomplish this, I created one table:

CREATE TABLE sdm_package_user_group_map (
   package_id  integer 
      constraint sdm_pac_ug_map_package_id_fk
      references packages(package_id),
   group_id    integer 
      constraint sdm_pac_ug_map_group_id_fk
      references user_groups(group_id)
);

and did a modification to user_can_see_package(user_id,package_id), plus modified the pages in the authentication part (for example, in the index.tcl, a user will see packages that are public AND those that belong to the group that he/she belongs to).

Comments??? Please.
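
The visibility rule described in the post above, as an added example (it is not Roberto Mello's code or OpenACS's own, and it uses SQLite through Python so it runs stand-alone). Only sdm_package_user_group_map, packages(package_id), user_groups(group_id), the function name and the "view_project" action come from the post; the public_p column, the user_group_map and sdm_role_actions tables and all sample rows are assumptions constructed for the example.

```python
import sqlite3

# Constructed, simplified schema. public_p, user_group_map and
# sdm_role_actions are assumptions; the mapping table is the one from the post.
SCHEMA = """
CREATE TABLE packages (package_id integer primary key, public_p char(1));
CREATE TABLE user_groups (group_id integer primary key);
CREATE TABLE user_group_map (user_id integer, group_id integer, role text);
CREATE TABLE sdm_role_actions (role text, action text);
CREATE TABLE sdm_package_user_group_map (
   package_id integer references packages(package_id),
   group_id   integer references user_groups(group_id)
);
"""

# A package is visible if it is public, or if the user belongs to a team
# that owns it AND the user's role in that team carries view_project.
CHECK = """
SELECT EXISTS (
   SELECT 1 FROM packages p
    WHERE p.package_id = :package_id
      AND (p.public_p = 't'
           OR EXISTS (
              SELECT 1 FROM sdm_package_user_group_map pm
                JOIN user_group_map ugm ON ugm.group_id = pm.group_id
                JOIN sdm_role_actions ra ON ra.role = ugm.role
               WHERE pm.package_id = p.package_id
                 AND ugm.user_id = :user_id
                 AND ra.action = 'view_project'))
)
"""

def user_can_see_package(db, user_id, package_id):
    # Bound parameters keep caller-supplied ids out of the SQL text.
    row = db.execute(CHECK, {"user_id": user_id, "package_id": package_id})
    return bool(row.fetchone()[0])

def sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executescript("""
       INSERT INTO packages VALUES (1, 't'), (2, 'f');       -- 2 is private
       INSERT INTO user_groups VALUES (10), (20);            -- teamA, teamB
       INSERT INTO sdm_package_user_group_map VALUES (2, 10); -- teamA owns 2
       INSERT INTO user_group_map VALUES (100, 10, 'internal'), (101, 20, 'internal'), (102, 10, 'guest');
       INSERT INTO sdm_role_actions VALUES ('internal', 'view_project'), ('external', 'view_project');
    """)
    return db
```

User 102 is the case worth testing in any real implementation: team membership alone must not grant access when the member's role lacks view_project, and a package_id that does not exist must come back as not visible rather than as an error.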