[geeklog-devel] GL2 ACL
Tony Bibbs
tony at tonybibbs.com
Wed Dec 15 13:38:53 EST 2004
Can you send me the CREATE TABLE syntax with the ACL stuff in it? As an
FYI, I'm modeling everything in the database and generating the
schema.xml from it as opposed to the other way around.
I'll work on the rest of the kernel-only data structures. We'll want to
bring Dwight in soon for a real DBA's perspective and then we can open
up that work to the community for further scrutiny.
--Tony
Vincent Furia wrote:
>Not sure when I'll have time to spend on IRC (I can't do that from
>work). If you just use propel to generate the basic data model for
>the ACLs I think that would be a good start. I think either of us
>could write the xml for that...then it's probably just a matter of
>extending the acl and item classes that propel creates (and
>potentially the peer classes as well).
>
>Extending the classes can come later though. First things first, and
>that is getting the xml schema done... First one to get it done email
>the other? I wasn't sure how much you might have coded up already.
>We should get the schema.xml for GL2 "core" done soon at any rate I
>think...
>
>Let me know which way you want to play it. I'm game. I should have
>one or two hours every night this week and then a couple over the
>weekend as well to work on some stuff.
>
>The decision on Auth_Enterprise sounds good to me. Propel can
>generate some nice simple user and group tables for us to work with.
>
>-Vinny
>
>P.S. Might it be time for a separate GL2-devel mailing list?
>
>On Wed, 15 Dec 2004 11:39:10 -0600, Tony Bibbs <tony at tonybibbs.com> wrote:
>
>
>>Vinny, any chance you and I can hash this out ASAP? I've a minimalist
>>data model created that I'd like to pipe through Propel. I know a lot
>>will change but it will at least put the whole security issue to bed.
>>I've been in IRC hoping to catch up with you but gl-bot keeps telling me
>>you haven't been around in 9 days ;-)
>>
>>Also, I'm thinking strongly about not including Auth_Enterprise by
>>default. I think GL2 should function alone and allow it to be easily
>>customized to use any auth system. Auth_Enterprise is a real work of
>>art but I think the installation and administration is complex and would
>>only suit large or business oriented sites.
>>
>>--Tony
>>
>>Tony Bibbs wrote:
>>
>>
>>
>>>Vincent Furia wrote:
>>>
>>>
>>>
>>>>Actually I don't think performance will be a problem. All that needs
>>>>to be done is a single SQL call with a straight join or two DB calls.
>>>>I suspect that Propel will do the latter.
>>>>
>>>>
>>>We can force Propel to do it the way we ask. If it natively wants to
>>>do 2 calls we can use a named query and force a join instead. There
>>>may even be a way to do the joins with the Propel models themselves
>>>but this I haven't tried yet.
>>>
>>>
>>>
>>>>Yes, though I still will argue that Geeklog should keep a
>>>>"permissions" table (story.edit, etc) internally and ACLs should be
>>>>kept against that as well. But I bet Tony and I will talk about that
>>>>later. :)
>>>>
>>>>
>>>>
>>>>
>>>Right, the system privileges would go in Auth_Enterprise. The
>>>item-level settings would go in the gl-database. Of course, we will
>>>combine the data structures of the two so we are really talking about
>>>the same database.
>>>
>>>
>>>
>>>>And so people know where I got most of these ideas: I did a lot of
>>>>work with the Andrew File System (AFS) in school, and grew to really
>>>>like the granularity of its permissions system. Here's a web site that
>>>>goes into the basics of that:
>>>>http://www.psc.edu/general/filesys/afs/setpermissions.html. Hopefully
>>>>you'll be able to see what I was shooting for.
>>>>
>>>>
>>>>
>>>>
>>>Didn't know that. I'll have to take a gander.
>>>
>>>--Tony
>>>_______________________________________________
>>>geeklog-devel mailing list
>>>geeklog-devel at lists.geeklog.net
>>>http://lists.geeklog.net/listinfo/geeklog-devel
>>>
>>>