Forum OpenACS Q&A: Site-wide search: permissions and URL stubs

1: Site-wide search: permissions and URL stubs

Posted by Dirk Gomez on 10/11/03 10:35 AM

I'm working on site-wide search currently. I first tried site-wide search from the OpenACS CVS repository. It works a bit, but not with the amount of data I am required to work with. E.g. creating the index already takes ages. Inspecting the code manually gives me the suspicion that it isn't too efficient in real life - a lot of pl/sql in sql functions, weirdly-coded sql queries etc. Is someone using this in real life? If so, what's your amount of data? And do you have a working forums search?

I decided to port ACES 3' SWS with which I had worked before so I am quite comfortable with it. Now I am facing two "site-wide" problems which were solved on the ShareNet project and may have been solved in OpenACS and I don't know about it.

Firstly, is there a generic "read" or "view" permission that I can try on *every* object? E.g. file-storage uses "read" to check whether a user has permission, news uses "news_read".

(If I remember correctly for ShareNet we added a generic "view" permission so we could check permissions in site-wide packages without intimate knowledge of the inner workings of a package's permissions.)

Then "stable URLs" (/o URLs) were a way of defering the URL calculation.

My fix for these two problems: add a mapping table that contains information for permission and URL stub. E.g. news would get "news_read" as the required permission and "item?item_id=" as the URL stub. Is that reasonable?

2: Re: Site-wide search: permissions and URL stubs (response to 1)

Posted by Tilmann Singer on 10/11/03 03:23 PM

I guess in the first paragraph you are talking about the package 'site-wide-search' - or did you mean 'search'+'openfts-driver' or (the not implemented) 'search'+'intermedia-driver'? There's a lot of potential of confusion if you don't say exactly what packages you mean.

Regarding privileges: they form a hierarchy. A privilege can have child privileges and thus imply them. E.g. 'read' implies 'news_read'. 'admin' implies all, until some crazy package creates its own top level privilege (which would be perfectly possible). See also the new permission grant page that tries to visualize that.

So I don't see any reason why you couldn't check for 'read' on the objects you want to display. Propably the most efficient way makes use of acs_object_party_privilege_map somehow (not sure).

3: Re: Site-wide search: permissions and URL stubs (response to 2)

Posted by Dirk Gomez on 10/11/03 05:25 PM

No I am refering to the site-wide-search package.

If the privileges form a hierarchy - we don't we just check for read on the news/item page and forget about news_read? Are you sure that news_read doesn't have more semantics than just read?

4: Re: Site-wide search: permissions and URL stubs (response to 3)

Posted by Tilmann Singer on 10/11/03 07:50 PM

<blockquote> why don't we just check for read on the news/item page and
forget about news_read
</blockquote>

It is bad practice to create sub-privs such as news_read without apparent reason. The long term plan is to get rid of them (e.g. forums has a lot too). If there is a different semantic attached to it depends on the package implementation, but in most cases there is not. Most likely news_read does nothing that read couldn't do as well.

5: Re: Site-wide search: permissions and URL stubs (response to 1)

Posted by Carl Robert Blesius on 10/12/03 01:08 AM

You write:

My fix for these two problems: add a mapping table that contains information for permission and URL stub. E.g. news would get "news_read" as the required permission and "item?item_id=" as the URL stub. Is that reasonable?

My question:
Would the permissions mapping you are thinking about allow membership scoped results?

So that a user only gets results on objects with

[user] [group] [world]

   -     read     -

if he is a member of the group.

6: Re: Site-wide search: permissions and URL stubs (response to 1)

Posted by Dave Bauer on 10/12/03 01:17 AM

Carl,

I can't see where the current permissions system doesn't have this data.

Dirk,

What is the URL stub for?

The package specific permissions, are, as Til said, pretty much leftover from ACS 4.2, and are planned to be removed.

7: Re: Site-wide search: permissions and URL stubs (response to 6)

Posted by Carl Robert Blesius on 10/12/03 02:17 AM

I am not worried about the permissions system Dave, but about the little search sprite (with permission to look at everything) blurting out more hypertext than she should when Dirk tcls her.