Forum OpenACS Development: acs_privacy procs

Collapse
1: acs_privacy procs
Posted by Antonio Pisano on 09/07/22 02:38 PM
Dear all

another question that I put to the public. Whilst working on the api coverage I have stumbled upon the api defined in

https://openacs.org/api-doc/procs-file-view?path=packages/acs-tcl/tcl/acs-private-data-procs.tcl

For all of these, the only occurrences I have found were in the context of dotlrn, that create an own api wrapping this one in

https://fisheye.openacs.org/browse/~br=oacs-5-10/OpenACS/openacs-4/packages/dotlrn/tcl/dotlrn-security-procs.tcl?hb=true

One exception is the forums-portlet, where the api is used "unwrapped", but with a TODO comment mentioning there might be something unfinished in there

https://fisheye.openacs.org/browse/~br=oacs-5-10/OpenACS/openacs-4/packages/forums-portlet/www/forums-portlet.tcl?hb=true

Now, what I would do here, given that dotlrn seems to have "adopted" this api, would be to move it in the dotlrn package and/or deprecated it and inline its little content in the already existing dotlrn wrappers. This would include migrating the PrivacyControlEnabledP parameter from acs-kernel into dotlrn (or not, as dotlrn also has its own "protect_private_data_p" parameter). The special forums-portlet case should then be massaged e.g. to use the dotlrn api instead of the acs one.

One argument for my proposal is that in the "regular" OpenACS, permission is handled since a very long time via the site nodes and the packages mounted underneath, so we could say that whatever "privacy" concept was intended by this api is already on and enforced by default via the permission system.

Additional ways exist to enforce permissions e.g. at the script level via the permission::* api (Claudio did something like this in Oasi Software). In XoWiki and XoWf by Gustaf, via the "Policy" mechanism, one can define permissions at the object and method level. None of these techniques use the acs_privacy::* api and I cannot argue in a direction that they should...

Hence I would ask to you
* do you have ever used the acs_privacy api in your downstream application? And how?
* if this were to go away e.g. via the path I have detailed, and be absorbed by dotlrn, would this be a problem for you?

Many thanks for any pointer

Ciao

Antonio

Collapse
2: Re: acs_privacy procs (response to 1)
Posted by Brian Fenton on 09/09/22 12:13 PM
Ciao Antonio

I actually never heard of this feature, and can confirm that we never use it.

Brian