On 24 Aug 2004 at 11:32, Sam Vilain wrote:
> "Group", by itself, infers no such treeness. You may have chosen to
> model your groups and users by some close analogue of;
>
>
> +-----------------+ +---------+ +--------+
> | GrantableEntity |------| Grant |------| Entity |
> +--------+--------+ 1 * +---------+ * 1 +--------+
> /_\
> |
> +---+ +---------+--------+
> | | * | |
> |* +---------+ * * +--------+
> +--| Group |---------| User |
> +---------+ +--------+
>
>
> Unix Groups, for instance, do not bother with this, so "Group" doesn't
> mean "Heirarchy of Groups" in this case.
Yes, I see that. So I'm building one particular model of an ACL, so
the module name should refer to that, so Tree is more relevant than
Group in the name. My model would be more like (UML neophyte diagram
coming up):
+-----------------+
| GrantableEntity |
+--------+--------+
* |
|
+---+ +---------+
| | * |
|* +---------+ 1 * +--------+
+--| Group |---------| User |
+---------+ +--------+
What I mean is, groups contain subgroups to arbitrary depth, groups
have things they can grant, these things can be strings, coderefs, or
methods, and users always have to go through their (probably single)
group to get at their GrantableEntities. I don't think my module says
anything about the relationship between grants and the entities they
protect. I think you create these yourself and store them on the
nodes of the tree.
Having heard a little about various ACL schemes here, and skimmed a
few of the Authen:: modules on CPAN, I doubt if my module will be
much use for, say, plugging into an existing ACL framework or
service. They have their model, I have mine. But if you have a
multiuser app and you need a straightforward means of splitting users
up and assigning access permissions to different aspects of your app,
then my module, hopefully, would be an option.
[...]
> UML is an excellent language with which to express the exact nature of
> the ACL that your module implements. _*The Art of Objects:
> Object-Oriented Design and Architecture_, by *Yun-Tung Lau
> <http://www.amazon.com/exec/obidos/search-handle-url/index=books&field-author=Yun-Tung%20Lau/102-5857950-6496945>
>
> (isbn://0201711613/) uses ACL design as one of its worked examples.
> Highly recommended.
I had a lot of fun a few months back using UML for the first time to
design things properly, it's a powerful tool, I'm still seeing the
benefits today. I've been looking for the next textbook to read,
looks like I've just found it! Examples in a domain you are actually
working in are always great.
I've applied to register the namespace Tree::Authz on PAUSE. A name
can never communicate everything about a module, but I think that
covers the essentials. A huge improvement over Admin::Group!
Cheers,
d.
--
Dr. David R. Baird
Riverside Content Management Systems
[EMAIL PROTECTED]
http://www.riverside-cms.co.uk
