On Thu, 26 Jul 2007, Thomas Nunninger wrote: > Am Freitag, 20. Juli 2007 09:38 schrieb Derick Rethans: > > On Thu, 19 Jul 2007, Thomas Nunninger wrote: > > > > I just added a draft [1] and prototype [2] of the Tree component > > > > to SVN. Please have a look at it. > > > > > > I had a short look at your design document and the prototype. Here > > > are some notes/ideas: > > > > > > - Wouldn't it be nice to provide some credentials to the tree? > > > Perhaps it's even possible to implement different credential > > > drivers (ACL, eZ publish like, ...). Some backends (e.g. LDAP or a > > > specialized tree implementation, like eZ publish's content_tree) > > > could benefit of faster results as they do not need to fetch all > > > data from the backend and the application checks the user's rights > > > via PHP. > > > > > > Perhaps you don't need to provide any credential implementation > > > with the component - just enable developers to integrate credential > > > checking easily. > > > > Well, the idea is that a credential system could be *made* with this > > tree component. From the requirements I quote: > > > > Use Cases > > --------- > > > > * ACL as PHPGACL: http://phpgacl.sourceforge.net > > My comments are somehow related to other posts in this thread. > > My idea was somehow like the content tree in eZ Publish where section > information or some other meta data is stored. When fetching a subtree > (of the content tree), the credentials can filter on the metadata to > return only the nodes the user can access. > > I see no way, how this could be done for ACL based credentials via SQL. > Probably you can't avoid the extra checking via PHP. But for easier > systems like the actual in eZ Publish it could provide performance. > > This could probably be done with the hooks/interfaces: extending the > query (SQL/LDAP/whatever) when fetching the nodes and callbacks for > checking each single node after fetching from the storage (e.g. ACL).
You can now simply extend the backend classes to do this. You can override all the methods - I don't quite see how this can be done differently. regards, Derick -- Components mailing list [email protected] http://lists.ez.no/mailman/listinfo/components
