Thanks - this is useful. However, my concern is that there could ultimately be a very large number of resources and I wonder what the performance repercussions would be of just using the roles as is.
Any thoughts? Thanks, Jeremy On Jun 16, 2008, at 4:09 AM, [EMAIL PROTECTED] wrote: > > Hi Jeremy, > > The easiest solution is to name your roles with the resource they > apply to. > Say you have resources r1, r2, and r3 you could name your roles: > > r1-edit > r2-edit > r3-edit > r1-write > r2-write > etc > > As long as you don't use ``-`` characters elsewhere in the role name > this > works fine. You then just test for the role ``r1-edit``. > > The alternative is to write your own custom permissions and your own > custom > data store. This works fine too but is a lot more work and actually > amounts > to the same thing anyway. Incidentally, very early versions of AuthKit > supported this functionality but I dropped it because the same thing > was so > easily implemented by just using the naming convention described > above. > > Hope that helps, > > James > > > > Original Message: > ----------------- > From: Jeremy Burton [EMAIL PROTECTED] > Date: Sun, 15 Jun 2008 13:00:27 -0700 > To: [email protected] > Subject: "Preferred" approach to extend Authkit to resource level > access-control > > > > The architecture of Authkit (and the examples/tutorial) seem to assume > that users have access-control/permissions at the application-wide > level. > > The application I am developing requires access-control/permissions at > the per resource level. i.e. each user has various permissions (read, > write, edit, delete) on an arbitrary number of resources. > > Do any Authkit experts on this list have a strong view on how to use > Authkit in this context? I'd rather not reinvent the wheel. > > Thanks, > JB > > > > > -------------------------------------------------------------------- > mail2web.com - Microsoft® Exchange solutions from a leading provider - > http://link.mail2web.com/Business/Exchange > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
