[geeklog-devel] GL2 ACL

Tony Bibbs tony at tonybibbs.com
Wed Dec 15 14:04:19 EST 2004


Vinny, here is a link to the original model well over a year old:

http://geeklog.tsystemscorp.com/staticpages/index.php?page=20030612212743102

Is the itemACL table the same as you were envisioning it?

--Tony

Tony Bibbs wrote:

> Can you send me the CREATE TABLE syntax with the ACL stuff in it?  As 
> an FYI, I'm modeling everything in the database and generating the 
> schema.xml from it as opposed to the other way around.
>
> I'll work on the rest of the kernel-only datastructures.  We'll want 
> to bring Dwight in soon for a real DBA's perspective and then we can 
> open up that work to the community for further scrutiny.
>
> --Tony
>
> Vincent Furia wrote:
>
>> Not sure when I'll have time to spend on IRC (I can't do that from
>> work).  If you just use propel to generate the basic data model for
>> the ACLs I think that would be a good start.  I think either of us
>> could write the xml for that...then it's probably just a matter of
>> extending the acl and item classes that propel creates (and
>> potentially the peer classes as well).
>>
>> Extending the classes can come later though.  First things first, and
>> that is getting the xml schema done...  First one to get it done email
>> the other?  I wasn't sure how much you might have coded up already. 
>> We should get the schema.xml for GL2 "core" done soon at any rate I
>> think...
>>
>> Let me know which way you want to play it.  I'm game.  I should have
>> one or two hours every night this week and then a couple over the
>> weekend as well to work on some stuff.
>>
>> The decision on Auth_Enterprise sounds good to me.  Propel can
>> generate some nice simple user and group tables for us to work with.
>>
>> -Vinny
>>
>> P.S. Might it be time for a separate GL2-devel mailing list?
>>
>> On Wed, 15 Dec 2004 11:39:10 -0600, Tony Bibbs <tony at tonybibbs.com> wrote:
>>  
>>
>>> Vinny, any chance you and I can hash this out ASAP? I've a minimalist
>>> data model created that I'd like to pipe through Propel.  I know a lot
>>> will change but it will at least put the whole security issue to bed.
>>> I've been in IRC hoping to catch up with you but gl-bot keeps telling me
>>> you haven't been around in 9 days ;-)
>>>
>>> Also, I'm thinking strongly about not including Auth_Enterprise by
>>> default.  I think GL2 should function alone and allow it to be easily
>>> customized to use any auth system.  Auth_Enterprise is a real work of
>>> art but I think the installation and administration is complex and would
>>> only suit large or business oriented sites.
>>>
>>> --Tony
>>>
>>> Tony Bibbs wrote:
>>>
>>>   
>>>
>>>> Vincent Furia wrote:
>>>>
>>>>     
>>>>
>>>>> Actually I don't think performance will be a problem.  All that needs
>>>>> to be done is a single SQL call with a straight join or two DB calls.
>>>>> I suspect that Propel will do the latter.
>>>>>       
>>>>
>>>> We can force Propel to do it the way we ask.  If it natively wants to
>>>> do 2 calls we can use a named query and force a join instead.  There
>>>> may even be a way to do the joins with the Propel models themselves
>>>> but this I haven't tried yet.
>>>>
>>>>     
>>>>
>>>>> Yes, though I still will argue that Geeklog should keep a
>>>>> "permissions" table (story.edit, etc) internally and ACLs should be
>>>>> kept against that as well.  But I bet Tony and I will talk about that
>>>>> later. :)
>>>>>
>>>>>
>>>>>       
>>>>
>>>> Right, the system privileges would go in Auth_Enterprise.  The
>>>> item-level settings would go in the gl-database.  Of course, we will
>>>> combine the data structures of the two so we are really talking about
>>>> the same database.
>>>>
>>>>     
>>>>
>>>>> And so people know where I got most of these ideas: I did a lot of
>>>>> work with the Andrew File System (AFS) in school, and grew to really
>>>>> like the granularity of its permissions system.  Here's a web site that
>>>>> goes into the basics of that:
>>>>> http://www.psc.edu/general/filesys/afs/setpermissions.html.  Hopefully
>>>>> you'll be able to see what I was shooting for.
>>>>>
>>>>>
>>>>>       
>>>>
>>>> Didn't know that.  I'll have to take a gander.
>>>>
>>>> --Tony
>>>> _______________________________________________
>>>> geeklog-devel mailing list
>>>> geeklog-devel at lists.geeklog.net
>>>> http://lists.geeklog.net/listinfo/geeklog-devel
>>>>     
>>>
>>
>




