Forum OpenACS Q&A: Modify Roles

1: Modify Roles

Posted by dan lieberman on 12/11/01 09:45 AM

i've developed a new module and use the open acs 3 multi-role
permissions scheme - using ad_user_group_user_add to put new roles
into the map. Question - if a user CHANGES role - what happens? open
acs 3 doesnt seem to have api's that maintain the user_group_map
table. In the meantime I delete the record in user_group_map in a
program and reinsert on a role change. It seems kind of a kludge to
bypass the api's not to mention non-portable.

Does version 4 do it better?
thanks!

2: Response to Modify Roles (response to 1)

Posted by Don Baccus on 12/11/01 04:49 PM

[Open]ACS 4 has a more general model, acs-relationships, that map objects+roles to other objects+roles in a one-to-one, one-to-many, or many-to-many relationship. Support for groups and the like are built upon this.

So [Open]ACS 4 does it much more generally. Whether this is better or not is probably a matter of opinion but it's certainly a lot more flexible.

3: Response to Modify Roles (response to 1)

Posted by dan lieberman on 12/11/01 09:30 PM

Don
Thanks - in our case - flexibility wasn't the issue. The multi-role permissions model works well for us. The question is the completeness of the api's.
I guess what i'm saying is that if there are api's to add and query permissions, there should be comparable api's to remove and modify users as well. People may move or get demoted (especially these days :-{).
I hacked modifying the role mappings (once you unravel the spaghetti it's pretty simple). In acs 4 - i'd like to see api's that address the whole lifecycle of permissions (add, mod, del, query)

danny