Is there a suggestion for how to implement something like this
efficiently:

group | contract | permission
------+----------+-----------
    1 |        3 |          2
    1 |        4 |          3
    2 |        3 |          2

where, for example, permission 2 is read and permission 3 is write.
Each group would have any number of members - which raises an issue
with the permissions.
I originally thought about each user having a private group where only
he/she has write permission (kind of like the way Red Hat handles a
user's default group on Linux). Thus each contract would have at least
one group owner with write access - namely the owner's private group.

What I'm trying to achieve is a clear permissions based model where
the typical business setup of a human contract manager (user) existing
in a contract management team (group A) can read/write group contracts
from group A but can only read contracts from group B.
Additionally, it might be a good idea to allow contract managers to
grant read only permission to either anonymous users or to anyone
logged in but not a member of a generic "contract_manager_group".

For each contract_manager group, a designated user could be granted
permission to allow users to join and to grant them read and/or write
permission.

Currently, this is implemented in model/schema.py
( http://code.google.com/p/pycontraxx/source/browse/trunk/pycontraxx/model/schema.py ).
When a user visits http://app/contract/manage/$contract_id he is
denied access unless logged in. If access is granted, the scope of the
access is tested by checking what id is requested ($contract_id) and
checking if the user is in any group listed in contract.groups and if
said group has e.g. rw permission listed in groups.permissions. This
seems a bit primitive though and I'm sure there's a much more elegant
way of doing this using repoze.... but so far I'm stuck on repoze as I
seem to have to test using a decorator (
@require(predicates.in_group('contract_managers', msg=l_('Only for contract managers')))
) before accessing the args sent to the controller method (in the case
above, the contract_id). If I could manage to get this working using
predicates, I'm sure it would make the app much more flexible down the
road.

Any ideas :) ?

On 7 Apr., 15:08, frankentux <[email protected]> wrote:
> Started a Google Code Project: http://code.google.com/p/pycontraxx/
>
> Anonymous SVN (I think you have to join the project before getting RW
> permissions)
> svn checkout http://pycontraxx.googlecode.com/svn/trunk/ pycontraxx-read-only
>
> Currently there is only a standard paster quickstart -s with
> authentication enabled plus
> a schema.py under pycontraxx/model/ which contains the business logic
> (probably should be
> split out into multiple files?). There is also some controller code
> set up - but this was mostly me
> playing with repoze and rapidly figuring out that it was going to be
> more difficult than I thought
> to implement group level access restrictions to contracts and
> projects.
>
> On Apr 6, 6:33 pm, frankentux <[email protected]> wrote:
>
> > Given that the project is only in the starting stages (I've put
> > together a rough model which is getting more complicated by the day),
> > I'm looking firstly for help with "conceptualising" the project:
> >   - improving the model (having problems at the moment with user/group/
> > contract where trying to implement ro,rw)
> >   - user admin interface (whereby a group "owner" can add/remove group
> > members and determine the scope of their access to contracts)
> >   - using existing form widgets/creating new form widgets to handle
> > entering contracts along with projects, contract parties, contract
> > documents
> >   - event based notifications on a per user or per group basis (e.g.
> > contract xyz will expire in 30 days if not renewed)
> >   - timeline showing what's coming up (events such as contract renewal
> > deadline, contract expiry)
> >   - not sure if this is overkill, but it would be cool to have a kind
> > of svn backend to handle uploaded contracts (odt, doc, pdf)
>
> > Maybe if I just post the entire model? Or upload everything I have to
> > google code or something like that?
>
> > On Apr 6, 5:40 pm, Mark Ramm <[email protected]> wrote:
>
> > > Right now this mailing list is the right place.   Let us know a couple
> > > details of what kind of help you're looking for and when you need it
> > > and I'm sure some people will reply to you off list.
>
> > > --Mark Ramm
>
> > > On Mon, Apr 6, 2009 at 10:32 AM, frankentux <[email protected]> 
> > > wrote:
>
> > > > I was wondering if there is a kind of a "help wanted" feature - either
> > > > here on the mailing list, or on the turbogears.org site. Specifically,
> > > > I want to pick up development of a contract management application
> > > > using turbogears2 - it's a pretty big project though.
>
> > > > Thus, does anyone know where I could post a "looking for help" notice
> > > > - somewhere that turbogears users would find it?
>
> > > --
> > > Mark Ramm-Christensen
> > > email: mark at compoundthinking dot com
> > > > blog: www.compoundthinking.com/blog
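
The per-contract check described at the top of this message (group / contract / permission rows, tested against the contract_id taken from the URL), as an added example that is not pycontraxx code and does not use repoze.what. It is plain Python with a decorator that runs the check after the arguments are bound. The pseudo-group ids, the user names, the extra grant row and the rule that a higher permission number includes the lower one are assumptions.

```python
from functools import wraps

NONE, READ, WRITE = 0, 2, 3   # 2 and 3 are the ids from the post; 0 = no grant
ANONYMOUS, AUTHENTICATED = -1, -2   # hypothetical pseudo-group ids

# (group, contract) -> permission. First three rows are the post's table;
# the last row is constructed: any logged-in user may read contract 4.
GRANTS = {(1, 3): READ, (1, 4): WRITE, (2, 3): READ, (AUTHENTICATED, 4): READ}
MEMBERS = {"alice": {1}, "bob": {2}}   # constructed user -> groups


class Denied(Exception):
    pass


def effective_permission(user, contract_id):
    """Highest permission any of the user's groups holds on the contract."""
    groups = {ANONYMOUS}
    if user is not None:
        groups |= {AUTHENTICATED} | MEMBERS.get(user, set())
    return max(GRANTS.get((g, contract_id), NONE) for g in groups)


def require_contract(level):
    """Check runs inside the call, where contract_id is already known."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(user, contract_id, *args, **kwargs):
            try:
                cid = int(contract_id)   # URL segments arrive as strings
            except (TypeError, ValueError):
                raise Denied("malformed contract id")
            if effective_permission(user, cid) < level:
                raise Denied("insufficient permission on contract %d" % cid)
            return fn(user, cid, *args, **kwargs)
        return wrapper
    return decorator


@require_contract(WRITE)
def manage(user, contract_id):
    return "editing contract %d" % contract_id


@require_contract(READ)
def view(user, contract_id):
    return "viewing contract %d" % contract_id
```

A contract with no matching row resolves to 0, so the default is deny, and an id that does not parse as an integer is refused before any lookup.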