On Tue, Mar 20, 2007 at 03:14:20PM -0700, David Powell wrote:
> Another option would be to not code the restrictions, which are
> intended to avoid administrators shooting themselves in their feet,
> but to express them in terms of an annotation in the property-group's
> template [1]. Our tools would then consume that annotation and act
> accordingly. This would let us easily set which property group types
> deserve this restriction, and allow other parties to apply such a
> restriction to their property groups when useful, all while maintaining
> the ability to use read_authorization on non-SCF_GROUP_APPLICATION
> application property groups.

Dave,

Thanks for pointing this out. I like your suggestion that templates
be used to control the applicability of the authorization properties.
I've modified the case to account for this eventuality, and to exclude
the framework types explicitly rather than limiting the change to
groups of type application. In the meantime, I'll implement the check
as a simple string comparison of the group type; it will be very easy
to replace it once templates are introduced.

All,

I've updated the case and materials at
http://cr.grommit.com/~wesolows/smf-auth/smf-case to incorporate the
numerous comments I've received here, and I'll be filing this case in
the next day or so. Thanks for your help.

--
Keith M Wesolowski    "Sir, we're surrounded!"
FishWorks             "Excellent; we can attack in any direction!"