Jason Huggins wrote: > Robert Wittams wrote: > >>The reports probably have an "owner" foreign key to the auth.User class, >>right? Then this is the owner. This would be exposed by an additional >>method. > > > Would this be trickier if I want to allow a particular user or a group > to have access? >
Well, you would need to represent that in your model. I don't think that would be hard. >>6) needs a little refinement - do you want to be able to change >>permissions on *anything* (in which case universally applying an ACL >>system to this particular app would work) or just on particular model >>classes? > > > I was thinking that it would be nice if Bob could "delegate" or "grant" > some rights that he has to others... If he can edit expense report #3, > he should be able to "grant edit" on #3 to a > So the simplest way to do this would be an ReportAccessGrant model class. The point is, anything is doable, but the information you are basing your decisions on would normally go into the model. >>>Perhaps it's better if I write up some Django model code and then we >>>dissect *that*... >> >>Maybe if you stuck a model up on the wiki we could hash out the best way >>to do this. >> >>Note that I don't believe that it will necessarily be "nice" doing it in >>any way right now : the point of this exercise is to see how to extend >>django to make this stuff possible without burdening every app. > > > > Hmmm... I might hold off on posting my model just yet... After some > more googling, I think I may have found what I'm looking for: > Fine Grained permissions with mod_authz_svn: > http://svnbook.red-bean.com/en/1.1/ch06s04.html#svn-ch-6-sect-4.4.2 > > A Python implementation of mod_authz_svn for the Trac project: > http://projects.edgewall.com/trac/wiki/FineGrainedPermissions > http://projects.edgewall.com/trac/ticket/157 > http://projects.edgewall.com/trac/changeset/1450 > > The fine grained permissions configuration is relatively simple. > See the doctests for how easy it is to setup and use the scheme: > http://projects.edgewall.com/trac/browser/trunk/trac/versioncontrol/tests/svn_authz.py?rev=1450 > > I'm wondering what it would take to make this available as standalone > Python library... If it was standalone, I could use it (or not) in my > Django code, but I could also use it in my CherryPy code... or even > Plone! > Hm, this seems to be a file format for simplified ACLs. Well, that is one way of doing it. If we had appropriate hooks, I think it would be pretty easy to link this (or a database backed acl system) up for projects that wanted it, without mandating it. I just hope we can get the hooks right. Rob
