[geeklog-devel] GL2 ACL

Vincent Furia vfuria at gmail.com
Wed Dec 15 14:27:11 EST 2004


Yup, though you'd probably want to throw an autoincrement int in front
as a primary key.  Indexes would have to go on user_id and group_id and
item_id.

Also, I'd like to vote for writing the xml and then generating the sql
ddl rather than the other way around.  It seems much cleaner to me.

-Vinny


On Wed, 15 Dec 2004 13:04:19 -0600, Tony Bibbs <tony at tonybibbs.com> wrote:
> Vinny, here is a link to the original model well over a year old:
> 
> http://geeklog.tsystemscorp.com/staticpages/index.php?page=20030612212743102
> 
> Is the itemACL table the same as you were envisioning it?
> 
> --Tony
> 
> Tony Bibbs wrote:
> 
> > Can you send me the CREATE TABLE syntax with the ACL stuff in it?  As
> > an FYI, I'm modeling everything in the database and generating the
> > schema.xml from it as opposed to the other way around.
> >
> > I'll work on the rest of the kernel-only datastructures.  We'll want
> > to bring Dwight in soon for a real DBA's perspective and then we can
> > open up that work to the community for further scrutiny.
> >
> > --Tony
> >
> > Vincent Furia wrote:
> >
> >> Not sure when I'll have time to spend on IRC (I can't do that from
> >> work).  If you just use propel to generate the basic data model for
> >> the ACLs I think that would be a good start.  I think either of us
> >> could write the xml for that...then it's probably just a matter of
> >> extending the acl and item classes that propel creates (and
> >> potentially the peer classes as well).
> >>
> >> Extending the classes can come later though.  First things first, and
> >> that is getting the xml schema done...  First one to get it done email
> >> the other?  I wasn't sure how much you might have coded up already.
> >> We should get the schema.xml for GL2 "core" done soon at any rate I
> >> think...
> >>
> >> Let me know which way you want to play it.  I'm game.  I should have
> >> one or two hours every night this week and then a couple over the
> >> weekend as well to work on some stuff.
> >>
> >> The decision on Auth_Enterprise sounds good to me.  Propel can
> >> generate some nice simple user and group tables for us to work with.
> >>
> >> -Vinny
> >>
> >> P.S. Might it be time for a separate GL2-devel mailing list?
> >>
> >> On Wed, 15 Dec 2004 11:39:10 -0600, Tony Bibbs <tony at tonybibbs.com> wrote:
> >>
> >>
> >>> Vinny, any chance you and I can hash this out ASAP? I've a minimalist
> >>> data model created that I'd like to pipe through Propel.  I know a lot
> >>> will change but it will at least put the whole security issue to bed.
> >>> I've been in IRC hoping to catch up with you but gl-bot keeps telling me
> >>> you haven't been around in 9 days ;-)
> >>>
> >>> Also, I'm thinking strongly about not including Auth_Enterprise by
> >>> default.  I think GL2 should function alone and allow it to be easily
> >>> customized to use any auth system.  Auth_Enterprise is a real work of
> >>> art but I think the installation and administration is complex and would
> >>> only suit large or business oriented sites.
> >>>
> >>> --Tony
> >>>
> >>> Tony Bibbs wrote:
> >>>
> >>>
> >>>
> >>>> Vincent Furia wrote:
> >>>>
> >>>>
> >>>>
> >>>>> Actually I don't think performance will be a problem.  All that needs
> >>>>> to be done is a single SQL call with a straight join or two DB calls.
> >>>>> I suspect that Propel will do the latter.
> >>>>>
> >>>>
> >>>> We can force Propel to do it the way we ask.  If it natively wants to
> >>>> do 2 calls we can use a named query and force a join instead.  There
> >>>> may even be a way to do the joins with the Propel models themselves
> >>>> but this I haven't tried yet.
> >>>>
> >>>>
> >>>>
> >>>>> Yes, though I still will argue that Geeklog should keep a
> >>>>> "permissions" table (story.edit, etc) internally and ACLs should be
> >>>>> kept against that as well.  But I bet Tony and I will talk about that
> >>>>> later. :)
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>> Right, the system privileges would go in Auth_Enterprise.  The
> >>>> item-level settings would go in the gl-database.  Of course, we will
> >>>> combine the data structures of the two so we are really talking about
> >>>> the same database.
> >>>>
> >>>>
> >>>>
> >>>>> And so people know where I got most of these ideas: I did a lot of
> >>>>> work with the Andrew File System (AFS) in school, and grew to really
> >>>>> like the granularity of its permissions system.  Here's a web site that
> >>>>> goes into the basics of that:
> >>>>> http://www.psc.edu/general/filesys/afs/setpermissions.html.
> >>>>> Hopefully you'll be able to see what I was shooting for.
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>> Didn't know that.  I'll have to take a gander.
> >>>>
> >>>> --Tony
> >>>> _______________________________________________
> >>>> geeklog-devel mailing list
> >>>> geeklog-devel at lists.geeklog.net
> >>>> http://lists.geeklog.net/listinfo/geeklog-devel
> >>>>
>
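
Added example, not part of the thread or of Geeklog's code: a sketch of the item ACL table with the autoincrement key and the three indexes mentioned in the top message, plus the "single SQL call with a join" permission check discussed further down. Only user_id, group_id and item_id come from the thread; the table names, the permission column, the group_member table and the sample rows are assumptions, and SQLite stands in for the real database.

```python
import sqlite3

# Constructed schema: only user_id, group_id, item_id and the autoincrement
# key come from the thread; every other name here is an assumption.
SCHEMA = """
CREATE TABLE group_member (user_id INTEGER NOT NULL, group_id INTEGER NOT NULL,
                           PRIMARY KEY (user_id, group_id));
CREATE TABLE item_acl (
    acl_id     INTEGER PRIMARY KEY AUTOINCREMENT,
    item_id    INTEGER NOT NULL,
    user_id    INTEGER,            -- set for a per-user entry
    group_id   INTEGER,            -- set for a per-group entry
    permission TEXT NOT NULL,      -- e.g. 'story.edit'
    CHECK ((user_id IS NULL) <> (group_id IS NULL))  -- exactly one principal
);
CREATE INDEX idx_acl_user  ON item_acl (user_id);
CREATE INDEX idx_acl_group ON item_acl (group_id);
CREATE INDEX idx_acl_item  ON item_acl (item_id);
"""

# One call: direct user entries plus entries reached via group membership.
CHECK_SQL = """
SELECT 1 FROM item_acl a
LEFT JOIN group_member m ON m.group_id = a.group_id AND m.user_id = :uid
WHERE a.item_id = :item AND a.permission = :perm
  AND (a.user_id = :uid OR m.user_id IS NOT NULL)
LIMIT 1
"""

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO group_member VALUES (?, ?)", [(2, 10)])
    db.executemany(
        "INSERT INTO item_acl (item_id, user_id, group_id, permission) "
        "VALUES (?, ?, ?, ?)",
        [(100, 1, None, "story.edit"),    # user 1 may edit item 100
         (100, None, 10, "story.read")])  # group 10 may read item 100
    return db

def has_permission(db, uid, item, perm):
    # No matching row means no access: the check is default-deny.
    params = {"uid": uid, "item": item, "perm": perm}
    return db.execute(CHECK_SQL, params).fetchone() is not None
```

The CHECK constraint rejects ACL rows that name both a user and a group, or neither, so an entry can never silently apply to an unintended principal.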


