[geeklog-devel] GL2 ACL

Vincent Furia vfuria at gmail.com
Wed Dec 15 13:03:19 EST 2004

Not sure when I'll have time to spend on IRC (I can't do that from
work).  If you just use propel to generate the basic data model for
the ACLs I think that would be a good start.  I think either of us
could write the xml for that...then it's probably just a matter of
extending the acl and item classes that propel creates (and
potentially the peer classes as well).

Extending the classes can come later though.  First things first, and
that is getting the xml schema done...  First one to get it done email
the other?  I wasn't sure how much you might have coded up already. 
We should get the schema.xml for GL2 "core" done soon at any rate I

Let me know which way you want to play it.  I'm game.  I should have
one or two hours every night this week and then a couple over the
weekend as well to work on some stuff.

The decision on Auth_Enterprise sounds good to me.  Propel can
generate some nice simple user and group tables for us to work with.


P.S. Might it be time for a separate GL2-devel mailing list?

On Wed, 15 Dec 2004 11:39:10 -0600, Tony Bibbs <tony at tonybibbs.com> wrote:
> Vinny, any chance you and I can hash this out ASAP? I've a minimalist
> data model created that I'd like to pipe through Propel.  I know a lot
> will change but it will at least put the whole security issue to bed.
> I've been in IRC hoping to catch up with you but gl-bot keeps telling me
> you haven't been around in 9 days ;-)
> Also, I'm thinking strongly about not including Auth_Enterprise by
> default.  I think GL2 should function alone and allow it to be easily
> customized to use any auth system.  Auth_Enterprise is a real work of
> art but I think the installation and administration is complex and would
> only suit large or business oriented sites.
> --Tony
> Tony Bibbs wrote:
> > Vincent Furia wrote:
> >
> >> Actually I don't think performance will be a problem.  All that needs
> >> to be done is a single SQL call with a straight join or two DB calls.
> >> I suspect that Propel will do the latter.
> >
> > We can force Propel to do it the way we ask.  If it natively wants to
> > do 2 calls we can use a named query and force a join instead.  There
> > may even be a way to do the joins with the Propel models themselves
> > but this I haven't tried yet.
> >
> >> Yes, though I still will argue that Geeklog should keep a
> >> "permissions" table (story.edit, etc) internally and ACLs should be
> >> kept against that as well.  But I bet Tony and I will talk about that
> >> later. :)
> >>
> >>
> > Right, the system privileges would go in Auth_Enterprise.  The
> > item-level settings would go in the gl-database.  Of course, we will
> > combine the data structures of the two so we are really talking about
> > the same database.
> >
> >> And so people know where I got most of these ideas: I did a lot of
> >> work with the Andrew File System (AFS) in school, and grew to really
> >> like the granularity of its permissions system.  Here's a web site that
> >> goes into the basics of that:
> >> http://www.psc.edu/general/filesys/afs/setpermissions.html.  Hopefully
> >> you'll be able to see what I was shooting for.
> >>
> >>
> > Didn't know that.  I'll have to take a gander.
> >
> > --Tony
> > _______________________________________________
> > geeklog-devel mailing list
> > geeklog-devel at lists.geeklog.net
> > http://lists.geeklog.net/listinfo/geeklog-devel
