Forum OpenACS Development: Re: Ideas for using groups to minimize custom permission

Posted by Lars Pind on
Ok, I think I complicated matters unnecessarily by mentioning the single-row optimization. Forget about that, and let's concentrate on one thing at a time.


- I want to grant 'admin' on all news items to user x.

Dave's Design:

Create a site-wide "News" group, etc. -- see above.

My conceptual design proposal:

Instead of thinking of this as granting privs on *packages* think about it as granting privs on *objects*.

What you want to do is grant 'admin' on all objects of type 'news_items'.

One possible implementations:

Add a column 'object_type' to the acs_permissions table, which defaults to 'acs_object', menaning this permission is granted on all object types.

Change the permissions check procs/views to also check whether the object in question is a subtype of the value of object_type column in the acs_permissions table.

... there are other possible implementations, if you agree with me on the conceptual design.