[geeklog-devel] GL2 ACL

Tony Bibbs tony at tonybibbs.com
Wed Dec 15 14:04:19 EST 2004


Vinny, here is a link to the original model well over a year old:

http://geeklog.tsystemscorp.com/staticpages/index.php?page=20030612212743102

Is the itemACL table the same as you were envisioning it?

--Tony

Tony Bibbs wrote:

> Can you send me the CREATE TABLE syntax with the ACL stuff in it? As
> an FYI, I'm modeling everything in the database and generating the
> schema.xml from it as opposed to the other way around.
>
> I'll work on the rest of the kernel-only data structures. We'll want
> to bring Dwight in soon for a real DBA's perspective and then we can
> open up that work to the community for further scrutiny.
>
> --Tony
>
> Vincent Furia wrote:
>
>> Not sure when I'll have time to spend on IRC (I can't do that from
>> work). If you just use propel to generate the basic data model for
>> the ACLs I think that would be a good start. I think either of us
>> could write the xml for that...then it's probably just a matter of
>> extending the acl and item classes that propel creates (and
>> potentially the peer classes as well).
>>
>> Extending the classes can come later though. First things first, and
>> that is getting the xml schema done... First one to get it done email
>> the other? I wasn't sure how much you might have coded up already.
>> We should get the schema.xml for GL2 "core" done soon at any rate I
>> think...
>>
>> Let me know which way you want to play it. I'm game. I should have
>> one or two hours every night this week and then a couple over the
>> weekend as well to work on some stuff.
>>
>> The decision on Auth_Enterprise sounds good to me. Propel can
>> generate some nice simple user and group tables for us to work with.
>>
>> -Vinny
>>
>> P.S. Might it be time for a separate GL2-devel mailing list?
>>
>> On Wed, 15 Dec 2004 11:39:10 -0600, Tony Bibbs <tony at tonybibbs.com> wrote:
>>
>>> Vinny, any chance you and I can hash this out ASAP? I've a minimalist
>>> data model created that I'd like to pipe through Propel. I know a lot
>>> will change but it will at least put the whole security issue to bed.
>>> I've been in IRC hoping to catch up with you but gl-bot keeps telling me
>>> you haven't been around in 9 days ;-)
>>>
>>> Also, I'm thinking strongly about not including Auth_Enterprise by
>>> default. I think GL2 should function alone and allow it to be easily
>>> customized to use any auth system. Auth_Enterprise is a real work of
>>> art but I think the installation and administration is complex and would
>>> only suit large or business oriented sites.
>>>
>>> --Tony
>>>
>>> Tony Bibbs wrote:
>>>
>>>> Vincent Furia wrote:
>>>>
>>>>> Actually I don't think performance will be a problem. All that needs
>>>>> to be done is a single SQL call with a straight join or two DB calls.
>>>>> I suspect that Propel will do the latter.
>>>>
>>>> We can force Propel to do it the way we ask. If it natively wants to
>>>> do 2 calls we can use a named query and force a join instead. There
>>>> may even be a way to do the joins with the Propel models themselves
>>>> but this I haven't tried yet.
>>>>
>>>>> Yes, though I still will argue that Geeklog should keep a
>>>>> "permissions" table (story.edit, etc) internally and ACLs should be
>>>>> kept against that as well. But I bet Tony and I will talk about that
>>>>> later. :)
>>>>
>>>> Right, the system privileges would go in Auth_Enterprise. The
>>>> item-level settings would go in the gl-database. Of course, we will
>>>> combine the data structures of the two so we are really talking about
>>>> the same database.
>>>>
>>>>> And so people know where I got most of these ideas: I did a lot of
>>>>> work with the Andrew File System (AFS) in school, and grew to really
>>>>> like the granularity of its permissions system. Here's a web site that
>>>>> goes into the basics of that:
>>>>> http://www.psc.edu/general/filesys/afs/setpermissions.html.
>>>>> Hopefully you'll be able to see what I was shooting for.
>>>>
>>>> Didn't know that. I'll have to take a gander.
>>>>
>>>> --Tony
>>>> _______________________________________________
>>>> geeklog-devel mailing list
>>>> geeklog-devel at lists.geeklog.net
>>>> http://lists.geeklog.net/listinfo/geeklog-devel
