Martijn Korse wrote:
I'm not sure what you mean with part the the validation... you mean that
every article is tied to to a certain group of users?
In that case i think the way to go would be to assign roles to these users
and then loop through this data, setting an allow rule for each combination
or role and resource. You don't even need assertions for that.
To explain a bit better
Say you have a simple news system with a million articles written by a
million different users. You want the authors to be able to edit their
own article.
To do this via individual roles is definitely not scalable and the
assertions seem like an ideal way of achieving this (and indeed such a
use case is given as an example use of assertions in the webinars/docs).
Col
--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/
Day Job:
Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
Mandriva Linux Contributor [http://www.mandriva.com/]
PulseAudio Hacker [http://www.pulseaudio.org/]
Trac Hacker [http://trac.edgewall.org/]
