Forum OpenACS Development: Custom privileges for a package

Collapse
1: Custom privileges for a package
Posted by Dave Bauer on 06/20/02 04:54 PM
I am working on ETP 2.0, and I think I need one privilege that is not
in the standard set of read, write, create, delete, admin.

I can create this additional privilege, etp_publish as a child of admin.

Is there any reason to create new copies of read,write, etc... for a
package if the standard ones will work?

Collapse
2: Response to Custom privileges for a package (response to 1)
Posted by Don Baccus on 06/21/02 09:01 AM
The whole issue of replicated permissions is unsolved as there still seems to be differing opinions.  IMO the answer is "no", but I'm just one voice.

"publish" is so common to the CR paradigm that it ought to be declared there, perhaps with "edit" as well.  That's my off-the-top notion, anyway.

Collapse
3: Response to Custom privileges for a package (response to 1)
Posted by Jon Griffin on 06/21/02 04:30 PM
I also say no.

In the beginning days of ACS 4 most of the package porters at AD created priviliges sub classed from the main set of permissions.

After some thought and learning it was determined that the only real need for a permission is when the standard ones don't work. I also don't see what creating etp_publish as a child of admin buys you. You will in effect be giving them admin permissions anyway. What does a person with publish permission do different from an admin?

Collapse
4: Response to Custom privileges for a package (response to 1)
Posted by Dave Bauer on 06/21/02 05:11 PM
Jon,

My reasoning for a seperate publish privilege was so that you could appoint a news admin that could post new stories and moderate suggested stories, but not do the other admin tasks, like changing the application type, adding permissions, that a package admin would be able to do.

Collapse
5: Response to Custom privileges for a package (response to 1)
Posted by Barry Books on 06/21/02 05:34 PM
If it were me I'd create a publish package and mount it under ETP and grant people read access to that instance if you'd like them to view publish stats, write to allow them to publish and admin to allow them to admin the publish system. I think that it's cleaner and works better with the existing permission model. You could write the code in such a way that an ETP publish package mounted on a subsite can publish any ETP package below it.
Collapse
6: Response to Custom privileges for a package (response to 1)
Posted by Jon Griffin on 06/21/02 06:44 PM
In that case if read/write don't do the job I think you are correct to add a privilege. It doesn't need to inherit from admin though.
Collapse
7: Response to Custom privileges for a package (response to 1)
Posted by John Mileham on 06/21/02 06:51 PM
It should if you want people with admin on object 0 to be able to do the action.  What's the current state of that debate?  I fall on the everything-should-inherit-from-admin side of the fence, personally.
Collapse
8: Response to Custom privileges for a package (response to 1)
Posted by Jon Griffin on 06/21/02 10:59 PM
Your right I forgot about that. Inherit from the base perms if you need to create a new permission, but make sure you really need it.