Forum OpenACS Q&A: Re: Site-wide search: permissions and URL stubs

Collapse
Posted by Tilmann Singer on
I guess in the first paragraph you are talking about the package 'site-wide-search' - or did you mean 'search'+'openfts-driver' or (the not implemented) 'search'+'intermedia-driver'? There's a lot of potential of confusion if you don't say exactly what packages you mean.

Regarding privileges: they form a hierarchy. A privilege can have child privileges and thus imply them. E.g. 'read' implies 'news_read'. 'admin' implies all, until some crazy package creates its own top level privilege (which would be perfectly possible). See also the new permission grant page that tries to visualize that.

So I don't see any reason why you couldn't check for 'read' on the objects you want to display. Propably the most efficient way makes use of acs_object_party_privilege_map somehow (not sure).

Collapse
Posted by Dirk Gomez on
No I am refering to the site-wide-search package.

If the privileges form a hierarchy - we don't we just check for read on the news/item page and forget about news_read? Are you sure that news_read doesn't have more semantics than just read?

Collapse
Posted by Tilmann Singer on
<blockquote> why don't we just check for read on the news/item page and
forget about news_read
</blockquote>

It is bad practice to create sub-privs such as news_read without apparent reason. The long term plan is to get rid of them (e.g. forums has a lot too). If there is a different semantic attached to it depends on the package implementation, but in most cases there is not. Most likely news_read does nothing that read couldn't do as well.