On Thu, Mar 12, 2009 at 9:49 AM, Vidar Ramdal <[email protected]> wrote: > For the application I'm developing, I have abandoned the ACL concept > alltogether. Instead, I'm implementing my own access management logic > from scratch. > > I find that in many web applications, a typical ACL concept is not the > best solution.
Interesting, could you elaborate? Is this similar to the reasons mentioned in a presentation by Zed Shaw ( http://dev.day.com/microsling/content/blogs/main/theaclisdead.html )? In general, if you consider access control during the modeling of your content structure and use inheritance of ACLs, it is actually quite simple to do. And can be configured by administrators later without changing the code. Regards, Alex -- Alexander Klimetschek [email protected]
