Forum OpenACS Development: Re: Best Practices for permissions, straw man

12: Re: Best Practices for permissions, straw man (response to 1)

Posted by Don Baccus on 11/21/03 12:44 AM

We could rename the privilege "CREATE SUBOBJECTS" ...

I think we're splitting semantic hairs here ... do roles have to be explicitly modeled in the datamodel to be implemented in the toolkit, or is a standard UI and API sufficient?

Are you suggesting we add a separate role facility in addition to permissions? I'm cold to that idea because the permissions systems is flexible enough to provide the foundation for a role facility via API and UI and does much more, and I don't like having parallel mechanisms for accomplishing the same thing.

13: Re: Best Practices for permissions, straw man (response to 12)

Posted by Tom Jackson on 11/21/03 01:50 AM

Don, I'm not suggesting creating roles. I was just pointing out that roles are something that is handled implicitly by the UI. That actually makes roles very flexible. A nice way of assigning a role is to create a rel_segment. You don't even necessarily need to add privileges to the rel_segment, simple membership can be enough to assign a role in certain situations since the UI is doing the work.