On Sun, Apr 16, 2006 at 04:34:06PM +0200, Christian Boos wrote:
> Do we really need to interpret `resource=None` as
> "indicating that action can be applied to any resource." ?

Very true, this was an auto-pilot moment I think; simply copied the code
over from the previous patch. I've removed it and uploaded a new patch.

> Then, for the "resource" itself, I think we should pass the "type"
> information as well as the "id" only. Relying on the action to
> decide what kind of resource we handle seems a bit kludgy.

I see your point, though my reasoning was that the type is implicit in
the permission. However I guess we already have 'meta' permissions like
TRAC_ADMIN, so maybe it won't be as implicit in the future.

What about this:

    class PermissionCache(object):
        def has_permission(self, action, resource_type=None, resource_id=None):
        def assert_permission(self, action, resource_type=None, resource_id=None):
        def permissions(self, resource_type=None, resource_id=None):

and

    class IPermissionPolicy(Interface):
        def check_permission(username, action, resource_type, resource_id):

?

> In the future, those resources could even know a bit about themselves,
> and for resource based permission, we could write things like:
> 
> obj.has_permission('WIKI_VIEW')
> 
> which would translate into:
> 
> def has_permission(self, action):
>     return self.req.perm.has_permission(action, self.type, self.id)

This could almost be part of your jihad to clarify the distinction between
client/server related objects? :) Probably a good idea though.

-- 
Evolution: Taking care of those too stupid to take care of themselves.
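
An added sketch (not code from this thread or from Trac) of how the signatures proposed above could behave when a check made without a resource is not treated as "any resource". `GrantTablePolicy`, `PermissionDenied`, the grant tuples, and the rule that a global grant covers every resource are assumptions made for illustration.

```python
class PermissionDenied(Exception):
    """Hypothetical error type raised by assert_permission."""


class GrantTablePolicy(object):
    """Hypothetical policy backed by explicit (user, action, type, id) grants."""

    def __init__(self, grants):
        self.grants = set(grants)

    def _held(self, username, action, resource_type, resource_id):
        return (username, action, resource_type, resource_id) in self.grants

    def check_permission(self, username, action, resource_type, resource_id):
        if self._held(username, 'TRAC_ADMIN', None, None):
            return True   # the 'meta' permission mentioned in the thread
        if self._held(username, action, None, None):
            return True   # assumed rule: a global grant covers every resource
        if resource_type is None:
            # A check without a resource asks for the global grant only; a
            # grant scoped to one particular resource never satisfies it.
            return False
        return self._held(username, action, resource_type, resource_id)


class PermissionCache(object):
    def __init__(self, username, policy):
        self.username = username
        self.policy = policy
        self._cache = {}

    def has_permission(self, action, resource_type=None, resource_id=None):
        key = (action, resource_type, resource_id)
        if key not in self._cache:
            self._cache[key] = bool(self.policy.check_permission(
                self.username, action, resource_type, resource_id))
        return self._cache[key]

    def assert_permission(self, action, resource_type=None, resource_id=None):
        if not self.has_permission(action, resource_type, resource_id):
            raise PermissionDenied(
                '%s on %s:%s' % (action, resource_type, resource_id))


# Constructed sample grants, for illustration only.
POLICY = GrantTablePolicy([
    ('alice', 'WIKI_VIEW', 'wiki', 'Secret'),   # scoped to one page
    ('bob', 'WIKI_VIEW', None, None),           # global for the action
    ('root', 'TRAC_ADMIN', None, None),         # meta permission
])
```

With these grants, `PermissionCache('alice', POLICY).has_permission('WIKI_VIEW')` is false even though alice can view the one page she was granted.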