I would say that before deciding on an implementation strategy, we would want to talk through the functionality we want.
I might be missing something in the thread below (it's been a long day ;-), but... I don't think I would want to tie access to the rename function to the ability to manage the namespace. I would instead probably want the ability to control rename independently. I understand that's probably a whole new discussion of various kinds of extension to the security model, but I don't understand connecting these two forms of permission... Thoughts? David > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:flexwiki- > [EMAIL PROTECTED] On Behalf Of Craig Andera > Sent: Tuesday, September 11, 2007 6:15 PM > To: 'FlexWiki Users Mailing List' > Subject: Re: [Flexwiki-users] Access to Rename Functionality > > > In reviewing the content of FlexWiki it is evident that the Rename > > function has been used in ways that cause damage to the integrity of > > the content, and in a manner that makes it difficult to recover the > > prior content. Would it be possible to restrict access to only those > > security principals with the ManageNamespace right? > > At the moment, IIRC, there's no way to ask the engine if someone has > ManageNamespace. About the closest you can get is asking if someone has > Edit > on _ContentBaseDefinition, but frankly, that's not really the same > thing. > It's certainly possible in theory to add an operation like an overload > of > HasPermission(). It probably wouldn't even be important to cache it, > which > would make implementation a bit easier. We're going to want it in any > event > to support dynamic display of the Lock/Unlock buttons in the web front > end > (support for Lock/Unlock is present in the engine but not yet exposed). > > All this is a small-to-medium job. Feel like taking it on? It would > involve > modifying IContentProvider to add an overload of HasPermission [1], > then > implementing it everywhere that needed it. Most providers could inherit > a > default implementation from ContentProviderBase, which would just > forward it > to Next. FileSystemStore and SqlStore would implement it to always > return > true. > > [1] I think it should look like this: > > public bool HasPermission(NamespacePermission permission); > > where NamespacePermission looks like this: > > public enum NamespacePermission > { > Manage > } > > > > ----------------------------------------------------------------------- > -- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Flexwiki-users mailing list > Flexwiki-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/flexwiki-users ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Flexwiki-users mailing list Flexwiki-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flexwiki-users
