March, Andres wrote:

Wow, great work Ben. One question though, shouldn't the parent-child
object identity relationship be maintained outside the ACL table since
conceivably there will be many records for the same child?




Hi Andres

The current implementation is like this:

CREATE TABLE acls (
   object_identity VARCHAR_IGNORECASE(250) NOT NULL,
   recipient VARCHAR_IGNORECASE(100) NOT NULL,
   parent_object_identity VARCHAR_IGNORECASE(250),
   mask INTEGER NOT NULL,
   acl_class VARCHAR_IGNORECASE(250) NOT NULL,
   CONSTRAINT pk_acls PRIMARY KEY(object_identity, recipient)
);

Each row with a parent who should contribute ACL information populates its parent_object_identity with the object_identity of its parent. It can also be null if there is no parent. This approach is fairly simple, and also allows children to have parents of different class types. So you might have a domain object ACL hierarchy like this: World:1 -> Region:4 (say Pacific) -> Country:61 (say Australia) -> AdministrativeArea:1 (say New South Wales) -> Locality:434 (say Belmont). This "different parent types" is a common requirement, as you can assign the ACLs at the higher, parent objects (e.g. folders -> files, orders -> orderLineItems, organisations -> employees etc).

I'm not sure I know what you mean re maintaining the parent identity outside the ACL table. Could you post a schema to the list?

Best regards
Ben
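
An added example, not part of the original message and not Acegi Security code: it loads the schema above into SQLite and resolves a recipient's mask by walking parent_object_identity up the World -> Locality hierarchy, refusing to answer when rows for the same object disagree on the parent or the chain loops. Assumptions: VARCHAR_IGNORECASE is replaced by TEXT COLLATE NOCASE, the nearest row for the recipient wins, and the rows, masks and the acl_class value are constructed.

```python
import sqlite3

# Schema from the message; VARCHAR_IGNORECASE becomes SQLite's
# TEXT COLLATE NOCASE so the example runs offline (assumption).
SCHEMA = """CREATE TABLE acls (
   object_identity TEXT COLLATE NOCASE NOT NULL,
   recipient TEXT COLLATE NOCASE NOT NULL,
   parent_object_identity TEXT COLLATE NOCASE,
   mask INTEGER NOT NULL,
   acl_class TEXT COLLATE NOCASE NOT NULL,
   CONSTRAINT pk_acls PRIMARY KEY(object_identity, recipient))"""

CLS = "ExampleAclEntry"  # placeholder acl_class value (constructed)
# Constructed rows: (object, recipient, parent, mask, acl_class)
ROWS = [
    ("World:1", "ROLE_ADMIN", None, 7, CLS),
    ("Region:4", "alice", "World:1", 3, CLS),
    ("Country:61", "bob", "Region:4", 1, CLS),
    ("AdministrativeArea:1", "bob", "Country:61", 1, CLS),
    ("Locality:434", "bob", "AdministrativeArea:1", 0, CLS),
    ("Locality:434", "carol", "AdministrativeArea:1", 1, CLS),
]

def open_db(rows=ROWS):
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO acls VALUES (?,?,?,?,?)", rows)
    return db

def parents_of(db, obj):
    """Distinct parents recorded across all rows of one object."""
    cur = db.execute("SELECT DISTINCT parent_object_identity FROM acls "
                     "WHERE object_identity = ?", (obj,))
    return {r[0] for r in cur}

def effective_mask(db, obj, recipient):
    """Nearest row for the recipient wins (assumed rule); None if no row."""
    seen = set()
    while obj is not None:
        if obj.lower() in seen:
            raise ValueError("cycle in parent chain at " + obj)
        seen.add(obj.lower())
        row = db.execute("SELECT mask FROM acls WHERE object_identity = ? "
                         "AND recipient = ?", (obj, recipient)).fetchone()
        if row:
            return row[0]
        parents = parents_of(db, obj)
        if len(parents) > 1:
            raise ValueError("rows for %s disagree on parent" % obj)
        obj = parents.pop() if parents else None
    return None
```

Because the parent link lives on each (object_identity, recipient) row, an intermediate object with no ACL row of its own breaks the chain, which is why the sample data carries a row for AdministrativeArea:1.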



_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
