Thanks. It is very nice and simple. A few comments:

While we are talking about names, shouldn't that be "grantee" and not "granter"?
Just to clarify, what grant() does may be simply said:
Subject (user self) : Verb (permission) : Object (receiver of the allowed action).
And, when object is just True, then the subject is granted the permission open-endedly...

Plus, what about revoke instead of ungrant?

For expiring permissions (such as a valid paid subscription), one would need to customize is_granted(), e.g. to call a specific function that checks the validity of the permission? So, persisting this info does not seem like such a good idea... Unless a permission can be scheduled, e.g., with a start and end date; the is_granted() check can therefore be self-contained. And how the start and end dates are set will be external application logic.

mario



On Oct 7, 2005, at 10:39 PM, David Binger wrote:

# PersistentSet is a new durus type.
# string is a new spec that includes unicodes and ascii strs.

class Permissions (PersistentDict):

    data_is = {string:sequence(either(Persistent, True), PersistentSet)}

    def grant(self, permission, granter):
        require(permission, string)
        require(granter, either(Persistent, True))
        if permission not in self:
            self[permission] = PersistentSet([granter])
        else:
            self[permission].add(granter)

    def ungrant(self, permission, granter):
        require(permission, string)
        require(granter, either(Persistent, True))
        if self.is_granted(permission, granter):
            self.data[permission].remove(granter)
            if len(self.data[permission]) == 0:
                del self.data[permission]

    def is_granted(self, permission, granter):
        return granter in self.get(permission, [])

class DulcineaUser(DulcineaPersistent):

    global_permissions = {
        "act-as":
            "Allow to act as another user.",
        "create-users":
            "Allow the creation of other users.",
        "manage-permissions":
            "Allow changing of permissions.",
        "staff":
            "Is a member of the staff",
        "system":
            "Allow to do things normally done by the software system.",
        }

    permissions_is = Permissions

    ...

    def is_admin(self):
        return self.is_granted('staff')

    def is_granted(self, permission, granter=True):
        return self.get_permissions().is_granted(permission, granter)

_______________________________________________
Quixote-users mailing list
[email protected]
http://mail.mems-exchange.org/mailman/listinfo/quixote-users
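
The scheduled-permission idea raised in the reply, as an added example that is not code from the thread or from Dulcinea: each grant carries an optional validity window, so is_granted() decides on its own and denies once the window has passed. A plain dict stands in for PersistentDict/PersistentSet, and the start, end and now parameters are assumptions.

```python
from datetime import datetime, timedelta, timezone


class ScheduledPermissions(dict):
    """Plain-dict stand-in for the thread's Permissions(PersistentDict).

    Maps permission -> {grantee: (start, end)}; None means unbounded.
    The start/end arguments are hypothetical, not part of the posted class.
    """

    def grant(self, permission, grantee=True, start=None, end=None):
        for bound in (start, end):
            # Naive datetimes cannot be compared safely across hosts.
            if bound is not None and bound.tzinfo is None:
                raise ValueError("start/end must be timezone-aware")
        if start is not None and end is not None and end <= start:
            raise ValueError("end must be after start")
        # Re-granting replaces the previous window for this grantee.
        self.setdefault(permission, {})[grantee] = (start, end)

    def revoke(self, permission, grantee=True):
        grants = self.get(permission, {})
        grants.pop(grantee, None)
        if not grants:
            self.pop(permission, None)  # drop empty permission entries

    def is_granted(self, permission, grantee=True, now=None):
        window = self.get(permission, {}).get(grantee)
        if window is None:
            return False  # no record: deny
        now = now or datetime.now(timezone.utc)
        start, end = window
        if start is not None and now < start:
            return False  # not yet valid
        if end is not None and now >= end:
            return False  # expired; end is exclusive
        return True


# Constructed sample data: an open-ended grant and a 30-day subscription.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)

def demo():
    perms = ScheduledPermissions()
    perms.grant("staff")
    perms.grant("subscriber", start=T0, end=T0 + timedelta(days=30))
    return perms
```

How start and end get set (payment callbacks, admin forms) stays in application code, as the reply suggests; the check itself needs only the stored window and the current time.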
