Doug Chestnut wrote:
[...]
I'd prefer a "grant" vs. "deny" permission model, e.g.
/website
grant: world -> visit
/website/myspace
deny: world -> visit
grant: andreas -> visit, edit
/website/myspace/pulicstuff
grant: world -> visit
>
Ahh, Thanks for the example.
would inheritance be handled like so:
/website
*resolve inherited permissions
grant: world -> visit
/website/myspace
*resolve inherited permissions
deny: world -> visit
grant: andreas -> visit, edit
/website/myspace/pulicstuff
*resolve inherited permissions
grant: world -> visit
/website/myspace/publicstuff/morestuff
*resolve inherited permissions
So the world would be able to visit morestuff, right?
Yes, but it is even easier to see it as a bottom-up resolving:
/website/myspace/publicstuff/morestuff
* nothing declared, go up
/website/myspace/pulicstuff
* grant: world -> visit
=> Match! No need to go further up.
-- Andreas
--
Andreas Hartmann
Wyona Inc. - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
