On Sun, Apr 16, 2006 at 08:08:34PM +0200, Christopher Lenz wrote:
>
> How about passing the resource *object*, e.g. the Ticket or WikiPage
> instance?
This is a good idea, but I think the performance impact might be
significant. For example, for TitleIndex to successfully use the
permission system it would need to fetch every wiki page, rather than
just the names. Similarly, if permissions were added for each timeline
provider, each object would need to be fetched to determine
Alternatively, the has/assert_permission() methods could accept either a
tuple of (resource_class/res_type, res_id), or a resource object:
req.perm.assert_permission('WIKI_VIEW', (WikiPage, 'SandBox'))
req.perm.assert_permission('WIKI_VIEW', ('wiki', 'SandBox'))
req.perm.assert_permission('WIKI_VIEW', WikiPage(self.env, 'SandBox'))
The IPermissionPolicy would receive only (res_type, res_id) or a
resource object to reduce the amount of logic required. Presumably if a
policy needs to know more than (type, id) about a resource, it also
knows how to instantiate the resource itself.
This seems like the option with the least impact to me. Thoughts?
--
Evolution: Taking care of those too stupid to take care of themselves.
_______________________________________________
Trac-dev mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-dev
