Hi guys, (Yuval please note: this concerns one of your modules)
Are there any plans afoot to build on Catalyst::Plugin::Authorization::ACL? I have a requirement for a couple of enhancements, and I'd like to sound out the list before jumping in and coding. 1. I'd quite like the idea of a generic "resource", that users have access to, rather than just a controller method. The resource could be or correspond to a file on the server's fs, a wiki page, a diary appointment, etc. The resource would have a set of permissions, controlled through the model: * See (whether this resource actually appears at all) * Read (Are the contents of the resource visible/executable?) * Modify * Delete * Grant (who can change the permissions for this resource) The resource also has an owner (user) and a group (role). Each of the permissions above can be set to one of 'owner', 'group', 'world' or none. Proposed module name: Catalyst::Plugin::Authorization::ACL::Resource 2. Full blown access control lists For more sophisticated requirements, we have an actual list: Include: list of entities Exclude: list of entities each entity can be one of the following: * A user * 'owner' * A role * 'group' * An ACL (i.e. nesting) This enhances option 1 above by allowing the permission to be an ACL besides 'owner', 'group', 'world' or none. Proposed module name: Catalyst::Plugin::Authorization::ACL::Full What do people think? Feedback please. By the way in case you are wondering, I am looking to write a CMS that sits on top of Catalyst. Ivor. _______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
