[geeklog-devel] GL2 ACL

Tony Bibbs tony at tonybibbs.com
Tue Dec 14 09:30:47 EST 2004


Vincent Furia wrote:

>Actually I don't think performance will be a problem.  All that needs
>to be done is a single SQL call with a straight join or two DB calls. 
>I suspect that Propel will do the latter.  
>
We can force Propel to do it the way we ask.  If it natively wants to do 
2 calls we can use a named query and force a join instead.  There may 
even be a way to do the joins with the Propel models themselves but this 
I haven't tried yet.

>Yes, though I still will argue that Geeklog should keep a
>"permissions" table (story.edit, etc) internally and ACLs should be
>kept against that as well.  But I bet Tony and I will talk about that
>later. :)
>  
>
Right, the system privileges would go in Auth_Enterprise.  The 
item-level settings would go in the gl-database.  Of course, we will 
combine the data structures of the two so we are really talking about 
the same database.

>And so people know where I got most of these ideas: I did a lot of
>work with the Andrew File System (AFS) in school, and grew to really
>like the granularity of its permissions system.  Here's a web site that
>goes into the basics of that:
>http://www.psc.edu/general/filesys/afs/setpermissions.html.  Hopefully
>you'll be able to see what I was shooting for.
>  
>
Didn't know that.  I'll have to take a gander.

--Tony


