Forum OpenACS Q&A: Inheriting permissions from an object that is not the parent


I'm currently working on a site where I've integrated project-manager & file-storage.

Idea is that there is a file-storage folder under which there is a sub-folder for each project in project-manager. I've hacked up project-manager so that said sub-folders are automatically created on project creation time, and use fs-portlet to include the contents of the folder on the main project page.

So far so good. However, I'd like the folder to inherit the permissions from the project. Not the permissions of the root folder. Of course I could hack up project-manager a bit more so that it sorts it out on creation time, but perhaps there is a more elegant way of doing this?

BTW: One other thing I already thought of (and dismissed) was making the project (which is also a CR object, just like the fs folders) the actual parent of the fs folder. Reason for dismissal is that I want to be able to mount the entire projects root folder via webdav, so that I have a single webdav folder with subfolders for each project. When making the project the parent of the fs folder I end up with a bazillion root folders, which is not practical.

This might be a good idea to make the folder hierarchy an acs relationship that defaults to parent (if none is there), so you can  e.g. for webdav mount a folder with multiple roots.
Why don't you change the root folder to inherit permissions from the project?

Is it true that there is one file-storage root folder per project?

I've added in support for attaching files via general-comments, but I like the idea of having file-storage integrated with project manager. Let me know if you come up with a good solution to this.
Dave: there is not one root folder per project, as that is exactly the situation I want to avoid. I want 1 root folder per project-manager instance, with individual sub-folders inheriting permissions from the actual project they belong to.

Malte: care to elaborate? It sounds like you're on to something, but I don't get it.

Jade: I'm already working on that, I already have something that works, but it's far too much of a hack to release.

To be continued - all good ideas still welcome.

My basic idea was to get rid of the fixed child/parent relationship (1:1) but make it a flexible one (n:m) using relationships. Let's call it multiple_child_parent_rels for the moment. The CR and the permission system then would have to be ammended, to look in the multiple_child_parent_rels "table", if the current object has an entry there. If it does, go up to the parent object to get information from there (or the other way down for file-storage).

This way you could e.g. have an identical subfolder "marketing" in project A's files and project B's files.

Now for permissions, this would work exactly the same way. The permission system would look up the parent relationships from the relationship table. The user_id and role would then be probed against all possible permissions from the parents (instead of only one).

No clue how this impacts performance and if someone has thought about ammending the core in such a way. And please have patience for not being technically correct in my description, I'm just to lazy at the moment.