Forum OpenACS Development: Response to application-specific permissions

Collapse
Posted by Robert Locke on
Just for kicks, for one project, I removed the app-specific permissions from the news module and replaced them with their system-wide counterparts.  In other words, news-admin -> admin, news-create -> create, news-read -> read, etc, etc.

I then gave the "client_admin" group explicit "admin" permission for a particular news instance.  As expected, the "admin" permission only applied to that news site-node, and did not extend to other parts of the site.  Very clean and simple.

It worked great, and I haven't noticed any side-effects.  And in general I tend to agree that app-specific permissions should be avoided wherever possible.