Mike,
For the first question you could write your own version of
AccessController and amend the action.accesscontroller property to point
to it. This could then populate an AccessControlList object with the
roles and permissions you want for a non-logged in user (look at the
code in DBSecurityService.getACL(user) for pointers).
However you might want to rethink your permissions system - do you
really need guest users to have permissions that a logged in user might
not have? If not, just don't check for permissions for things that a
guest user can do.
For question 2, yes you are confused :-) Don't let Rafal hear you talk
about this, he'll get quite upset :-) Basically users DO NOT belong to
groups. Full stop.
So in your example: users (1, 2, 3, 4) all have roles (x, y) in group
(A). That's how it works. The groups are not groups of roles or groups
of users, they're like projects or application zones, and some users may
have an administrative role in one project or zone, but only a user role
in another project or zone.
So an understanding of this might suggest why the idea of having a
'Guest' group, going back to your first question, doesn't really make
sense.
Sean
On Tue, Feb 20, 2001 at 04:48:41PM -0600, Mike Haberman wrote:
> I need some clarification on how the new permissions tables work.
> Let's say I have
> Permissions {a b c}
> Roles {x, y, z}
>
> Role-Permissions (x {a}, y {a, b}, z {a, b, c})
> that is role x has permisions a. role z has all 3 permissions
>
> QUESTION 1:
> Now I want all Users who do not log in to belong to group Guest with
> Role x:
>
> The User_Group_Role table states that none (users, groups, or role)
> can be null, so how do I map the following:
> I want all non-athenticated users to belong to the group Guest
> and I want group Guest to have a set a roles.
>
>
> QUESTION 2:
> I would like to do the following:
> Group A has users (1,2,3,4)
> and Group A has roles (x, y)
> So all members in groups A have the permissions associated with the roles
> x and y.
>
>
> I would like to have 2 mappings:
> Groups and Roles
> Groups and Users
>
> That way, I have more flexibility on how I assign permissions.
>
> If I have a user, I get its group(s)
> If I have a group, I get it's roles
>
>
> I am confused, I think I would like to associated groups with roles
> and groups with users, but I can't.
>
>
> thanks!!
>
> mike
>
>
>
>
> --
> -------------------------------------------------
> I am Vinz, Vinz Clortho. Keymaster of Gozer,
> Volguus Zildrohar, Lord of the Sebouillia.
> Are you the Gatekeeper?
> -------------------------------------------------
>
>
> ------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
> Problems?: [EMAIL PROTECTED]
--
Sean Legassick
[EMAIL PROTECTED]
Hombre soy, nada humano me puede ser ajeno
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
