Hi all,
I am dabbling with a draft for the ACL design, but I've hit a snag.
Maybe someone out there can help me get going again.
I'm expanding on the earlier proposal. The problem I'm stuck with
is not so much technical as it is assigning a good meaning to
an ACL.
Looking up permissions per current proposal is pretty easy. ACL
inheritance for hierarchic resources should probably be fully
determined by their own ACL or the nearest parent that has one.
But what about ACLs for creation of resources that have no parents?
This would be root pages, root topics, users, groups, styles, etc. How
to determine who gets to create these resources and what ACLs
will be associated with them until one has been constructed
explicitly?
I thought about leaving that to group 0, as they'll have implicit
access granted on any resource for any type. But that would mean you
can't delegate responsibility for maintaining users or hosts without
giving those people 'root' access to your Midgard installation. If you
want to host multiple sites for separate groups this is going to be
tricky[0]. This can be a design choice, but I'd rather see it done some
other way. Having additional ACLs describing permissions on tables
rather than resources may be a solution (basically giving every
resource a parent whether the resource is hierarchic or not),
but I would really Welcome All Input (tm) on this before I
push on.
Bye,
Emile
[0] although separated database is going to make this specific point
moot I guess.
--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org
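The lookup the message describes, as an added sketch that is not part of the original post or of Midgard's code: a resource uses its own ACL or its nearest parent's, and a per-table ACL acts as the virtual parent of resources that have none, so creating users can be delegated without group 0 membership. The class names, action names, group numbers and default-deny behaviour are assumptions made for illustration.

```python
# Added sketch: hypothetical names, not Midgard's data model or API.
from dataclasses import dataclass

ROOT_GROUP = 0  # group 0 has implicit access to everything, as in the message

@dataclass(frozen=True)
class Resource:
    rtype: str            # table name, e.g. "page" or "user"
    rid: int
    parent: object = None  # another Resource, or None for a root resource

class AclStore:
    def __init__(self):
        self.resource_acls = {}  # (rtype, rid) -> {action: set of group ids}
        self.table_acls = {}     # rtype -> {action: set of group ids}

    def effective_acl(self, res):
        """Own ACL, else the nearest ancestor's, else the table ACL (virtual parent)."""
        node = res
        while node is not None:
            acl = self.resource_acls.get((node.rtype, node.rid))
            if acl is not None:
                return acl
            last, node = node, node.parent
        return self.table_acls.get(last.rtype, {})  # assumed default: deny

    def _grants(self, groups, acl, action):
        return ROOT_GROUP in groups or bool(groups & acl.get(action, set()))

    def allowed(self, groups, action, res):
        return self._grants(groups, self.effective_acl(res), action)

    def may_create(self, groups, rtype, parent=None):
        """Creation is checked against the parent, or the table ACL if there is none."""
        acl = self.effective_acl(parent) if parent is not None else self.table_acls.get(rtype, {})
        return self._grants(groups, acl, "create")

def demo():
    # Constructed sample data: group 7 = user admins, group 9 = editors of one site.
    store = AclStore()
    store.table_acls["user"] = {"create": {7}, "update": {7}}
    store.resource_acls[("page", 1)] = {"create": {9}, "update": {9}}
    child = Resource("page", 2, parent=Resource("page", 1))  # no ACL of its own
    return {
        "useradmin_creates_user": store.may_create({7}, "user"),
        "useradmin_creates_root_page": store.may_create({7}, "page"),
        "editor_creates_subpage": store.may_create({9}, "page", parent=child),
        "editor_creates_user": store.may_create({9}, "user"),
    }
```

A newly created user with no explicit ACL resolves to the `user` table ACL, which answers the "until one has been constructed explicitly" case under these assumptions.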