Forum OpenACS Development: Custom privileges for a package

Posted by Dave Bauer on
I am working on ETP 2.0, and I think I need one privilege that is not
in the standard set of read, write, create, delete, admin.

I can create this additional privilege, etp_publish as a child of admin.

Is there any reason to create new copies of read, write, etc. for a
package if the standard ones will work?

Posted by Don Baccus on
The whole issue of replicated permissions is unsolved as there still seem to be differing opinions. IMO the answer is "no", but I'm just one voice.

"publish" is so common to the CR paradigm that it ought to be declared there, perhaps with "edit" as well.  That's my off-the-top notion, anyway.

Posted by Jon Griffin on
I also say no.

In the beginning days of ACS 4 most of the package porters at AD created privileges subclassed from the main set of permissions.

After some thought and learning it was determined that the only real need for a permission is when the standard ones don't work. I also don't see what creating etp_publish as a child of admin buys you. You will in effect be giving them admin permissions anyway. What does a person with publish permission do differently from an admin?

Posted by Dave Bauer on
Jon,

My reasoning for a separate publish privilege was so that you could appoint a news admin that could post new stories and moderate suggested stories, but not do the other admin tasks, like changing the application type, adding permissions, that a package admin would be able to do.

Posted by Barry Books on
If it were me, I'd create a publish package and mount it under ETP, and grant people read access to that instance if you'd like them to view publish stats, write to allow them to publish, and admin to allow them to admin the publish system. I think that it's cleaner and works better with the existing permission model. You could write the code in such a way that an ETP publish package mounted on a subsite can publish any ETP package below it.
Posted by Jon Griffin on
In that case if read/write don't do the job I think you are correct to add a privilege. It doesn't need to inherit from admin though.
Posted by John Mileham on
It should if you want people with admin on object 0 to be able to do the action. What's the current state of that debate? I fall on the everything-should-inherit-from-admin side of the fence, personally.
Posted by Jon Griffin on
You're right, I forgot about that. Inherit from the base perms if you need to create a new permission, but make sure you really need it.
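
A simplified Python model of the privilege hierarchy and object-context inheritance discussed in this thread, added here as an illustration and not OpenACS code or anything posted by the participants. It compares a direct etp_publish grant on one package instance with an admin grant on object 0, with and without etp_publish declared as a child of admin. The class, function, party and object names (`Permissions`, `build`, `permission_p`, `news_editor`, `site_admin`, `etp_instance`, `subsite`) are constructed for the example.

```python
# Simplified model: privilege hierarchy plus object-context inheritance.
# Everything except the privilege names from the thread is constructed.

class Permissions:
    def __init__(self):
        self.children = {}   # privilege -> set of direct child privileges
        self.context = {}    # object -> its context (parent) object
        self.grants = set()  # (party, privilege, object)

    def add_child(self, parent, child):
        self.children.setdefault(parent, set()).add(child)

    def implies(self, held, wanted):
        """True if holding `held` confers `wanted` (same privilege or a descendant)."""
        if held == wanted:
            return True
        return any(self.implies(c, wanted) for c in self.children.get(held, ()))

    def permission_p(self, party, privilege, obj):
        """Walk up the context chain looking for a grant that implies `privilege`."""
        while obj is not None:
            for (p, held, o) in self.grants:
                if p == party and o == obj and self.implies(held, privilege):
                    return True
            obj = self.context.get(obj)
        return False


def build(publish_under_admin):
    """Build the sample tree; optionally make etp_publish a child of admin."""
    perms = Permissions()
    for child in ("read", "write", "create", "delete"):
        perms.add_child("admin", child)
    if publish_under_admin:
        perms.add_child("admin", "etp_publish")
    # Constructed object tree: object 0 -> subsite -> ETP package instance
    perms.context = {"etp_instance": "subsite", "subsite": 0}
    perms.grants = {
        ("news_editor", "etp_publish", "etp_instance"),  # narrow grant
        ("site_admin", "admin", 0),                      # site-wide admin
    }
    return perms
```

In this model a child privilege is conferred on holders of the parent, not the reverse, so the narrow grant stays narrow while the object 0 admin gains the new action only when the parent link exists.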