[geeklog-devtalk] geeklog-devel digest, Vol 1 #451 - 8 msgs
geeklog-devel-request at lists.geeklog.net
geeklog-devel-request at lists.geeklog.net
Wed Dec 15 15:51:01 EST 2004
Send geeklog-devel mailing list submissions to
geeklog-devel at lists.geeklog.net
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.geeklog.net/listinfo/geeklog-devel
or, via email, send a message with subject or body 'help' to
geeklog-devel-request at lists.geeklog.net
You can reach the person managing the list at
geeklog-devel-admin at lists.geeklog.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of geeklog-devel digest..."
Today's Topics:
1. Re: GL2 ACL (Vincent Furia)
2. Re: GL2 ACL (Tony Bibbs)
3. Re: GL2 ACL (Tony Bibbs)
4. Re: GL2 ACL (Vincent Furia)
5. Re: GL2 ACL (dwight at trumbower.com)
6. Re: GL2 ACL (Tony Bibbs)
7. Blocks in GL2 as Plugin? (Tony Bibbs)
8. Custom user attributes in GL2 (Tony Bibbs)
--__--__--
Message: 1
Date: Wed, 15 Dec 2004 13:03:19 -0500
From: Vincent Furia <vfuria at gmail.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] GL2 ACL
Reply-To: geeklog-devel at lists.geeklog.net
Not sure when I'll have time to spend on IRC (I can't do that from
work). If you just use propel to generate the basic data model for
the ACLs I think that would be a good start. I think either of us
could write the xml for that...then its probably just a matter of
extending the acl and item classes that propel creates (and
potentially the peer classes as well).
Extending the classes can come later though. First things first, and
that is getting the xml schema done... First one to get it done email
the other? I wasn't sure how much you might have coded up already.
We should get the schema.xml for GL2 "core" done soon at any rate I
think...
Let me know which way you want to play it. I'm game. I should have
one or two hours every night this week and then a couple over the
weekend as well to work on some stuff.
The decision on Auth_Enterprise sounds good to me. Propel can
generate some nice simple user and group tables for us to work with.
-Vinny
P.S. Might it be time for a separate GL2-devel mailing list?
On Wed, 15 Dec 2004 11:39:10 -0600, Tony Bibbs <tony at tonybibbs.com> wrote:
> Vinny, any chance you can I can hash this out ASAP? I've a minimalist
> data model created that I'd like to pipe through Propel. I know a lot
> will change but it will at least put the whole security issue to bed.
> I've been in IRC hoping to catch up with you but gl-bot keeps telling me
> you haven't been around in 9 days ;-)
>
> Also, I'm thinking strongly about not including Auth_Enterprise by
> default. I think GL2 should function alone and allow it to be easily
> customized to use any auth system. Auth_Enterprise is a real work of
> art but I think the installation and administration is complex and would
> only suit large or business oriented sites.
>
> --Tony
>
> Tony Bibbs wrote:
>
> > Vincent Furia wrote:
> >
> >> Actually I don't think performance will be a problem. All that needs
> >> to be done is a single SQL call with a straight join or two DB calls.
> >> I suspect that Propel will do the latter.
> >
> > We can force Propel to do it the way we ask. If it natively wants to
> > do 2 calls we can use a named query and force a join instead. There
> > may even be a way to do the joins with the Propel models themselves
> > but this I haven't tried yet.
> >
> >> Yes, though I still will argue that Geeklog should keep a
> >> "permissions" table (story.edit, etc) internally and ACLs should be
> >> kept against that as well. But I bet Tony and I will talk about that
> >> later. :)
> >>
> >>
> > Right, the system privileges would go in Auth_Enterprise. The
> > item-level settings would go in the gl-database. Of course, we will
> > combine the data structures of the two so we are really talking about
> > the same database.
> >
> >> And so people know where I got most of these ideas: I did a lot of
> >> work with the Andrew File System (AFS) in school, and grew to really
> >> like the granularity of its permissions system. Heres a web site that
> >> goes into the basics of that:
> >> http://www.psc.edu/general/filesys/afs/setpermissions.html. Hopefully
> >> you'll be able to see what I was shooting for.
> >>
> >>
> > Didn't know that. I'll have to take a gander.
> >
> > --Tony
> > _______________________________________________
> > geeklog-devel mailing list
> > geeklog-devel at lists.geeklog.net
> > http://lists.geeklog.net/listinfo/geeklog-devel
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>
--__--__--
Message: 2
Date: Wed, 15 Dec 2004 12:38:53 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] GL2 ACL
Reply-To: geeklog-devel at lists.geeklog.net
Can you send me the CREATE TABLE syntax with the ACL stuff in it? As an
FYI, I'm modeling everything in the database and generating the
schema.xml from it as opposed to the other way around.
I'll work on the rest of the kernel-only datastructures. We'll want to
bring Dwight in soon for a real DBA's perspective and then we can open
up that work to the community for fruther scrutiny.
--Tony
Vincent Furia wrote:
>Not sure when I'll have time to spend on IRC (I can't do that from
>work). If you just use propel to generate the basic data model for
>the ACLs I think that would be a good start. I think either of us
>could write the xml for that...then its probably just a matter of
>extending the acl and item classes that propel creates (and
>potentially the peer classes as well).
>
>Extending the classes can come later though. First things first, and
>that is getting the xml schema done... First one to get it done email
>the other? I wasn't sure how much you might have coded up already.
>We should get the schema.xml for GL2 "core" done soon at any rate I
>think...
>
>Let me know which way you want to play it. I'm game. I should have
>one or two hours every night this week and then a couple over the
>weekend as well to work on some stuff.
>
>The decision on Auth_Enterprise sounds good to me. Propel can
>generate some nice simple user and group tables for us to work with.
>
>-Vinny
>
>P.S. Might it be time for a separate GL2-devel mailing list?
>
>On Wed, 15 Dec 2004 11:39:10 -0600, Tony Bibbs <tony at tonybibbs.com> wrote:
>
>
>>Vinny, any chance you can I can hash this out ASAP? I've a minimalist
>>data model created that I'd like to pipe through Propel. I know a lot
>>will change but it will at least put the whole security issue to bed.
>>I've been in IRC hoping to catch up with you but gl-bot keeps telling me
>>you haven't been around in 9 days ;-)
>>
>>Also, I'm thinking strongly about not including Auth_Enterprise by
>>default. I think GL2 should function alone and allow it to be easily
>>customized to use any auth system. Auth_Enterprise is a real work of
>>art but I think the installation and administration is complex and would
>>only suit large or business oriented sites.
>>
>>--Tony
>>
>>Tony Bibbs wrote:
>>
>>
>>
>>>Vincent Furia wrote:
>>>
>>>
>>>
>>>>Actually I don't think performance will be a problem. All that needs
>>>>to be done is a single SQL call with a straight join or two DB calls.
>>>>I suspect that Propel will do the latter.
>>>>
>>>>
>>>We can force Propel to do it the way we ask. If it natively wants to
>>>do 2 calls we can use a named query and force a join instead. There
>>>may even be a way to do the joins with the Propel models themselves
>>>but this I haven't tried yet.
>>>
>>>
>>>
>>>>Yes, though I still will argue that Geeklog should keep a
>>>>"permissions" table (story.edit, etc) internally and ACLs should be
>>>>kept against that as well. But I bet Tony and I will talk about that
>>>>later. :)
>>>>
>>>>
>>>>
>>>>
>>>Right, the system privileges would go in Auth_Enterprise. The
>>>item-level settings would go in the gl-database. Of course, we will
>>>combine the data structures of the two so we are really talking about
>>>the same database.
>>>
>>>
>>>
>>>>And so people know where I got most of these ideas: I did a lot of
>>>>work with the Andrew File System (AFS) in school, and grew to really
>>>>like the granularity of its permissions system. Heres a web site that
>>>>goes into the basics of that:
>>>>http://www.psc.edu/general/filesys/afs/setpermissions.html. Hopefully
>>>>you'll be able to see what I was shooting for.
>>>>
>>>>
>>>>
>>>>
>>>Didn't know that. I'll have to take a gander.
>>>
>>>--Tony
>>>_______________________________________________
>>>geeklog-devel mailing list
>>>geeklog-devel at lists.geeklog.net
>>>http://lists.geeklog.net/listinfo/geeklog-devel
>>>
>>>
>>_______________________________________________
>>geeklog-devel mailing list
>>geeklog-devel at lists.geeklog.net
>>http://lists.geeklog.net/listinfo/geeklog-devel
>>
>>
>>
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>
>
--__--__--
Message: 3
Date: Wed, 15 Dec 2004 13:04:19 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] GL2 ACL
Reply-To: geeklog-devel at lists.geeklog.net
Vinny, here is a link to the original model well over a year old:
http://geeklog.tsystemscorp.com/staticpages/index.php?page=20030612212743102
Is the itemACL table the same as you were envisioning it?
--Tony
Tony Bibbs wrote:
> Can you send me the CREATE TABLE syntax with the ACL stuff in it? As
> an FYI, I'm modeling everything in the database and generating the
> schema.xml from it as opposed to the other way around.
>
> I'll work on the rest of the kernel-only datastructures. We'll want
> to bring Dwight in soon for a real DBA's perspective and then we can
> open up that work to the community for fruther scrutiny.
>
> --Tony
>
> Vincent Furia wrote:
>
>> Not sure when I'll have time to spend on IRC (I can't do that from
>> work). If you just use propel to generate the basic data model for
>> the ACLs I think that would be a good start. I think either of us
>> could write the xml for that...then its probably just a matter of
>> extending the acl and item classes that propel creates (and
>> potentially the peer classes as well).
>>
>> Extending the classes can come later though. First things first, and
>> that is getting the xml schema done... First one to get it done email
>> the other? I wasn't sure how much you might have coded up already.
>> We should get the schema.xml for GL2 "core" done soon at any rate I
>> think...
>>
>> Let me know which way you want to play it. I'm game. I should have
>> one or two hours every night this week and then a couple over the
>> weekend as well to work on some stuff.
>>
>> The decision on Auth_Enterprise sounds good to me. Propel can
>> generate some nice simple user and group tables for us to work with.
>>
>> -Vinny
>>
>> P.S. Might it be time for a separate GL2-devel mailing list?
>>
>> On Wed, 15 Dec 2004 11:39:10 -0600, Tony Bibbs <tony at tonybibbs.com>
>> wrote:
>>
>>
>>> Vinny, any chance you can I can hash this out ASAP? I've a minimalist
>>> data model created that I'd like to pipe through Propel. I know a lot
>>> will change but it will at least put the whole security issue to bed.
>>> I've been in IRC hoping to catch up with you but gl-bot keeps
>>> telling me
>>> you haven't been around in 9 days ;-)
>>>
>>> Also, I'm thinking strongly about not including Auth_Enterprise by
>>> default. I think GL2 should function alone and allow it to be easily
>>> customized to use any auth system. Auth_Enterprise is a real work of
>>> art but I think the installation and administration is complex and
>>> would
>>> only suit large or business oriented sites.
>>>
>>> --Tony
>>>
>>> Tony Bibbs wrote:
>>>
>>>
>>>
>>>> Vincent Furia wrote:
>>>>
>>>>
>>>>
>>>>> Actually I don't think performance will be a problem. All that needs
>>>>> to be done is a single SQL call with a straight join or two DB calls.
>>>>> I suspect that Propel will do the latter.
>>>>>
>>>>
>>>> We can force Propel to do it the way we ask. If it natively wants to
>>>> do 2 calls we can use a named query and force a join instead. There
>>>> may even be a way to do the joins with the Propel models themselves
>>>> but this I haven't tried yet.
>>>>
>>>>
>>>>
>>>>> Yes, though I still will argue that Geeklog should keep a
>>>>> "permissions" table (story.edit, etc) internally and ACLs should be
>>>>> kept against that as well. But I bet Tony and I will talk about that
>>>>> later. :)
>>>>>
>>>>>
>>>>>
>>>>
>>>> Right, the system privileges would go in Auth_Enterprise. The
>>>> item-level settings would go in the gl-database. Of course, we will
>>>> combine the data structures of the two so we are really talking about
>>>> the same database.
>>>>
>>>>
>>>>
>>>>> And so people know where I got most of these ideas: I did a lot of
>>>>> work with the Andrew File System (AFS) in school, and grew to really
>>>>> like the granularity of its permissions system. Heres a web site
>>>>> that
>>>>> goes into the basics of that:
>>>>> http://www.psc.edu/general/filesys/afs/setpermissions.html.
>>>>> Hopefully
>>>>> you'll be able to see what I was shooting for.
>>>>>
>>>>>
>>>>>
>>>>
>>>> Didn't know that. I'll have to take a gander.
>>>>
>>>> --Tony
>>>> _______________________________________________
>>>> geeklog-devel mailing list
>>>> geeklog-devel at lists.geeklog.net
>>>> http://lists.geeklog.net/listinfo/geeklog-devel
>>>>
>>>
>>> _______________________________________________
>>> geeklog-devel mailing list
>>> geeklog-devel at lists.geeklog.net
>>> http://lists.geeklog.net/listinfo/geeklog-devel
>>>
>>>
>>
>> _______________________________________________
>> geeklog-devel mailing list
>> geeklog-devel at lists.geeklog.net
>> http://lists.geeklog.net/listinfo/geeklog-devel
>>
>>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
--__--__--
Message: 4
Date: Wed, 15 Dec 2004 14:27:11 -0500
From: Vincent Furia <vfuria at gmail.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] GL2 ACL
Reply-To: geeklog-devel at lists.geeklog.net
Yup, though you'd probably want to throw an autoincrement int in front
as a primary key. Indexes would have go on user_id and group_id and
item_id.
Also, I'd like to vote for writing the xml and then generating the sql
ddl rather than the other way around. It seems much cleaner to me.
-Vinny
On Wed, 15 Dec 2004 13:04:19 -0600, Tony Bibbs <tony at tonybibbs.com> wrote:
> Vinny, here is a link to the original model well over a year old:
>
> http://geeklog.tsystemscorp.com/staticpages/index.php?page=20030612212743102
>
> Is the itemACL table the same as you were envisioning it?
>
> --Tony
>
> Tony Bibbs wrote:
>
> > Can you send me the CREATE TABLE syntax with the ACL stuff in it? As
> > an FYI, I'm modeling everything in the database and generating the
> > schema.xml from it as opposed to the other way around.
> >
> > I'll work on the rest of the kernel-only datastructures. We'll want
> > to bring Dwight in soon for a real DBA's perspective and then we can
> > open up that work to the community for fruther scrutiny.
> >
> > --Tony
> >
> > Vincent Furia wrote:
> >
> >> Not sure when I'll have time to spend on IRC (I can't do that from
> >> work). If you just use propel to generate the basic data model for
> >> the ACLs I think that would be a good start. I think either of us
> >> could write the xml for that...then its probably just a matter of
> >> extending the acl and item classes that propel creates (and
> >> potentially the peer classes as well).
> >>
> >> Extending the classes can come later though. First things first, and
> >> that is getting the xml schema done... First one to get it done email
> >> the other? I wasn't sure how much you might have coded up already.
> >> We should get the schema.xml for GL2 "core" done soon at any rate I
> >> think...
> >>
> >> Let me know which way you want to play it. I'm game. I should have
> >> one or two hours every night this week and then a couple over the
> >> weekend as well to work on some stuff.
> >>
> >> The decision on Auth_Enterprise sounds good to me. Propel can
> >> generate some nice simple user and group tables for us to work with.
> >>
> >> -Vinny
> >>
> >> P.S. Might it be time for a separate GL2-devel mailing list?
> >>
> >> On Wed, 15 Dec 2004 11:39:10 -0600, Tony Bibbs <tony at tonybibbs.com>
> >> wrote:
> >>
> >>
> >>> Vinny, any chance you can I can hash this out ASAP? I've a minimalist
> >>> data model created that I'd like to pipe through Propel. I know a lot
> >>> will change but it will at least put the whole security issue to bed.
> >>> I've been in IRC hoping to catch up with you but gl-bot keeps
> >>> telling me
> >>> you haven't been around in 9 days ;-)
> >>>
> >>> Also, I'm thinking strongly about not including Auth_Enterprise by
> >>> default. I think GL2 should function alone and allow it to be easily
> >>> customized to use any auth system. Auth_Enterprise is a real work of
> >>> art but I think the installation and administration is complex and
> >>> would
> >>> only suit large or business oriented sites.
> >>>
> >>> --Tony
> >>>
> >>> Tony Bibbs wrote:
> >>>
> >>>
> >>>
> >>>> Vincent Furia wrote:
> >>>>
> >>>>
> >>>>
> >>>>> Actually I don't think performance will be a problem. All that needs
> >>>>> to be done is a single SQL call with a straight join or two DB calls.
> >>>>> I suspect that Propel will do the latter.
> >>>>>
> >>>>
> >>>> We can force Propel to do it the way we ask. If it natively wants to
> >>>> do 2 calls we can use a named query and force a join instead. There
> >>>> may even be a way to do the joins with the Propel models themselves
> >>>> but this I haven't tried yet.
> >>>>
> >>>>
> >>>>
> >>>>> Yes, though I still will argue that Geeklog should keep a
> >>>>> "permissions" table (story.edit, etc) internally and ACLs should be
> >>>>> kept against that as well. But I bet Tony and I will talk about that
> >>>>> later. :)
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>> Right, the system privileges would go in Auth_Enterprise. The
> >>>> item-level settings would go in the gl-database. Of course, we will
> >>>> combine the data structures of the two so we are really talking about
> >>>> the same database.
> >>>>
> >>>>
> >>>>
> >>>>> And so people know where I got most of these ideas: I did a lot of
> >>>>> work with the Andrew File System (AFS) in school, and grew to really
> >>>>> like the granularity of its permissions system. Heres a web site
> >>>>> that
> >>>>> goes into the basics of that:
> >>>>> http://www.psc.edu/general/filesys/afs/setpermissions.html.
> >>>>> Hopefully
> >>>>> you'll be able to see what I was shooting for.
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>> Didn't know that. I'll have to take a gander.
> >>>>
> >>>> --Tony
> >>>> _______________________________________________
> >>>> geeklog-devel mailing list
> >>>> geeklog-devel at lists.geeklog.net
> >>>> http://lists.geeklog.net/listinfo/geeklog-devel
> >>>>
> >>>
> >>> _______________________________________________
> >>> geeklog-devel mailing list
> >>> geeklog-devel at lists.geeklog.net
> >>> http://lists.geeklog.net/listinfo/geeklog-devel
> >>>
> >>>
> >>
> >> _______________________________________________
> >> geeklog-devel mailing list
> >> geeklog-devel at lists.geeklog.net
> >> http://lists.geeklog.net/listinfo/geeklog-devel
> >>
> >>
> >
> > _______________________________________________
> > geeklog-devel mailing list
> > geeklog-devel at lists.geeklog.net
> > http://lists.geeklog.net/listinfo/geeklog-devel
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>
--__--__--
Message: 5
Date: Wed, 15 Dec 2004 14:36:34 -0500 (EST)
Subject: Re: [geeklog-devel] GL2 ACL
From: dwight at trumbower.com
To: geeklog-devel at lists.geeklog.net
Reply-To: geeklog-devel at lists.geeklog.net
> Also, I'd like to vote for writing the xml and then generating the sql
> ddl rather than the other way around. It seems much cleaner to me.
The DBA in me would vote that way too. The developer in me might disagree. :)
Dwight
--__--__--
Message: 6
Date: Wed, 15 Dec 2004 13:45:05 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] GL2 ACL
Reply-To: geeklog-devel at lists.geeklog.net
Vincent Furia wrote:
>Yup, though you'd probably want to throw an autoincrement int in front
>as a primary key. Indexes would have go on user_id and group_id and
>item_id.
>
>
Sounds good.
>Also, I'd like to vote for writing the xml and then generating the sql
>ddl rather than the other way around. It seems much cleaner to me.
>
>
Sorry, I think backwards. Actually the beauty of this is that this is a
developer-by-developer preference. Actually, I submitted a patch to a
bug in Propel that was caused Propel to ignore MySQL's foreign keys.
This is because back when Propel was started, foreign keys in MySQL were
in their infancy. Given that, I think you'd have a similar 'bug' going
the other direction...but I could be wrong.
--Tony
--__--__--
Message: 7
Date: Wed, 15 Dec 2004 13:55:58 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: [geeklog-devel] Blocks in GL2 as Plugin?
Reply-To: geeklog-devel at lists.geeklog.net
Were any of you thinking blocks would be part of the actual GL2 kernel
or should they exist, instead, as a plugin? The more I think of it, the
more I think they are simply a plugin...though, they will probably be
used to render content served up by nearly every other plugin that would
be installed.
--Tony
--__--__--
Message: 8
Date: Wed, 15 Dec 2004 14:50:14 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: [geeklog-devel] Custom user attributes in GL2
Reply-To: geeklog-devel at lists.geeklog.net
Anybody have any input on how to best address providing the community
with fairly easy way to add custom attributes for users in GL2?
I don't I have a good idea on how to do this. My hopes are that plugins
would have their own one-to-one mapping from the core user table to
their own user table with addition information. Assuming that is OK,
how do we handle things the site admin simply wants to add (e.g. msn id,
pgp key, etc).
--Tony
--__--__--
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel
End of geeklog-devel Digest
More information about the geeklog-devtalk
mailing list