Forum OpenACS Development: Re: Best Practices for permissions, straw man

Posted by Jeff Davis on
Carl, how would you propose we deal with the situation Don mentioned where you want people to be able to add files to a folder in file storage but not edit the folder itself?
Posted by Joel Aufrecht on
"How is this different than the write privilege on a Unix directory, which says 'you can write this file, and that includes adding a child file or deleting a child file'?"

If create and write are the same thing, how do we differentiate between permission to change your own objects and permission to change other people's objects? It seems to me that the way it should work is: Alice has the create privilege on object #1, and this (is tested for in a UI which) allows her to create object #2, which is in some sense "inside" object #1. (Obvious tangent that we've touched on before and which I want to come back to later: is Alice explicitly granted some privileges on object #2?) Meanwhile, Bob has the write privilege for object #2. This means that Bob can delete or edit object #2. It does _not_ mean that Bob can allow other users to delete or edit object #2.

Do I have that example right?
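
Added example (not part of the original thread, and not OpenACS code): a small model of the two designs under discussion, run against the folder case Jeff raises and the Alice/Bob case Joel describes. The `Acl` class, the `scenario` function, the use of an "admin" privilege for granting, and the choice to give a creator no automatic privileges on the new object are all assumptions made for illustration.

```python
# Illustrative model only; every name here is hypothetical, not the OpenACS API.

class Acl:
    """Direct grants only: (user, privilege, object_id). No inheritance."""

    def __init__(self, split_create):
        # split_create=True : "create" is its own privilege (Joel's proposal)
        # split_create=False: adding a child needs "write" on the parent
        #                     (the Unix-directory analogy)
        self.split_create = split_create
        self.grants = set()

    def grant(self, user, priv, oid):
        self.grants.add((user, priv, oid))

    def has(self, user, priv, oid):
        return (user, priv, oid) in self.grants

    def can_add_child(self, user, parent_oid):
        needed = "create" if self.split_create else "write"
        return self.has(user, needed, parent_oid)

    def can_edit_or_delete(self, user, oid):
        return self.has(user, "write", oid)

    def can_grant(self, user, oid):
        # Assumption: delegating access needs a separate privilege ("admin").
        return self.has(user, "admin", oid)


FOLDER, FILE = 1, 2  # object #1 and object #2 from the post


def scenario(split_create):
    acl = Acl(split_create)
    # Goal: Alice may add files to the folder but must not edit the folder.
    # Grant her the least privilege that lets her add a child in this model.
    acl.grant("alice", "create" if split_create else "write", FOLDER)
    acl.grant("bob", "write", FILE)
    return {
        "alice_adds_child": acl.can_add_child("alice", FOLDER),
        "alice_edits_folder": acl.can_edit_or_delete("alice", FOLDER),
        "bob_edits_file": acl.can_edit_or_delete("bob", FILE),
        "bob_grants_on_file": acl.can_grant("bob", FILE),
    }


if __name__ == "__main__":
    for split in (False, True):
        print("split create:", split, scenario(split))
```

With create folded into write, the only grant that lets Alice add a file also lets her edit the folder; with a separate create privilege the two can be granted independently.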