On 11/15/07, Christian Boos <[EMAIL PROTECTED]> wrote: > Ok, thanks for the clarifications. I also think that adding additional > attachment permissions in the default "coarse-grained" permission store > was not a step in the right direction...
Yeah, totally agree. > > So what about something like that: > > class ILegacyAttachmentPolicyDelegate(Interface): > > def check_attachment_permission(action, username, resource, perm): > """Return the usual True/False/None security policy decision > appropriate for > the requested action. > > :param action: one of ATTACHEMENT_VIEW, ATTACHMENT_CREATE, > ATTACHMENT_DELETE > :param username: the user string > :param resource: the `Resource` for the attachment. Note > that when > ATTACHMENT_CREATE is checked, the > resource `.id` > will be `None`. > :param perm: the permission cache for that username and resource > """ > > > class FullBlog(Component): > > # ILegacyAttachmentPolicyDelegate methods > > def has_attachment_permission(action, username, resource, perm): > if resource.parent.realm == 'blog': > if self.get_blog_post(resource.parent).author == username: > return 'BLOG_MODIFY_OWN' in perm > else: > return 'BLOG_MODIFY_ALL' in perm I think this is preferable to both my original proposals. +1 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Development" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en -~----------~----~----~----~------~----~------~--~---
