[geeklog-devel] GL2 ACL

Tony Bibbs tony at tonybibbs.com
Wed Dec 15 12:39:10 EST 2004

Vinny, any chance you and I can hash this out ASAP? I've a minimalist 
data model created that I'd like to pipe through Propel.  I know a lot 
will change but it will at least put the whole security issue to bed.  
I've been in IRC hoping to catch up with you but gl-bot keeps telling me 
you haven't been around in 9 days ;-)

Also, I'm thinking strongly about not including Auth_Enterprise by 
default.  I think GL2 should function alone and allow it to be easily 
customized to use any auth system.  Auth_Enterprise is a real work of 
art but I think the installation and administration is complex and would 
only suit large or business-oriented sites.


Tony Bibbs wrote:

> Vincent Furia wrote:
>> Actually I don't think performance will be a problem.  All that needs
>> to be done is a single SQL call with a straight join or two DB calls. 
>> I suspect that Propel will do the latter. 
> We can force Propel to do it the way we ask.  If it natively wants to 
> do 2 calls we can use a named query and force a join instead.  There 
> may even be a way to do the joins with the Propel models themselves 
> but this I haven't tried yet.
>> Yes, though I still will argue that Geeklog should keep a
>> "permissions" table (story.edit, etc) internally and ACLs should be
>> kept against that as well.  But I bet Tony and I will talk about that
>> later. :)
> Right, the system privileges would go in Auth_Enterprise.  The 
> item-level settings would go in the gl-database.  Of course, we will 
> combine the data structures of the two so we are really talking about 
> the same database.
>> And so people know where I got most of these ideas: I did a lot of
>> work with the Andrew File System (AFS) in school, and grew to really
>> like the granularity of its permissions system.  Here's a web site that
>> goes into the basics of that:
>> http://www.psc.edu/general/filesys/afs/setpermissions.html.  Hopefully
>> you'll be able to see what I was shooting for.
> Didn't know that.  I'll have to take a gander.
> --Tony