I used the groups system to model a hierarchical organization, i.e. I created groups one, two and three and then defined a composition relation between one and two and between two and three obtaining a structure like:
one
..two
....three
The application requires that if I grant a privilege to a party on a given group, then that party should hinerit the privilege for all groups which directly or indirectly depend by the granted one.
Unfortunately, contrary to my expectations, the acs_objects get as their context_id the object_id of the subsite and not that of the owning group.
Now I'm seeking the advice of those who know to make the program work as originally designed.
One possible way could be: when granting a privilege to a party also navigate the hierarchical structure and explicitly call acs_permission__grant_permission for all the dependent groups.
I wonder if there is a simpler way. I noticed that there are a couple of functions triggered by an acs_object update, i.e. acs_objects_update_tr and acs_objects_context_id_up_tr. Is it safe to update acs_objects pointing the context_id to the correct group_id to get the work done (i.e. automatically generating the acs_object_context_index)?
I would really appreciate any advice.