Updated version of the patch then. Includes case where there is no such row
('create' action).
However, I'm not sure if these changes are GAE-compatible. Not sure if
bigtable likes .belongs on multiple columns.
Can anybody test?
Regards
Alexey.
--- tools.py_ 2010-09-08 08:40:22.266751051 +0400
+++ tools.py 2010-09-08 09:44:30.050746520 +0400
@@ -2415,17 +2415,10 @@
== user_id).select(membership.group_id)
groups = set([row.group_id for row in rows])
permission = self.settings.table_permission
- rows = self.db(permission.name == name)(permission.table_name
- == str(table_name))(permission.record_id
- == record_id).select(permission.group_id)
+ rows = self.db(permission.name.belongs((name,'any'))&
+ permission.table_name.belongs((str(table_name),''))&
+
permission.record_id.belongs((record_id,0))).select(permission.group_id)
groups_required = set([row.group_id for row in rows])
- if record_id:
- rows = self.db(permission.name
- == name)(permission.table_name
- == str(table_name))(permission.record_id
- == 0).select(permission.group_id)
- groups_required = groups_required.union(set([row.group_id
- for row in rows]))
if groups.intersection(groups_required):
r = True
else:
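Review bot: The three belongs() filters in the new rows = self.db(...) query match each column against its own wildcard independently, so the grant is wider than the single ('any', '', 0) row discussed in the thread. A stored row with a specific name but an empty table_name, or name 'any' with a specific table, now puts its group into groups_required, where the removed exact-match queries ignored it. Because this is the authorization check, the change also applies to permission rows already in the table, so the wildcard meaning of 'any', '' and 0 should be documented next to the query and stated in the change notes. Separately, the third condition is split across a bare "+" line and an unprefixed line, so the hunk will not apply as mailed.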
On Wed, Sep 8, 2010 at 5:14 PM, mdipierro <[email protected]> wrote:
> I think this should be considered a bug and I agree with the change.
> Anybody opposed?
>
> Massimo
>
> On Sep 7, 11:46 pm, Alexey Nezhdanov <[email protected]> wrote:
> > Hi. I think that I found some inconsistency in the topic.
> > When you do, say,
> > auth.add_permission(group_id) - it assumes the permission name 'any', table
> > name empty and record_id 0.
> > Which in turn feels like "full admin rights" - any action on any table on
> > any record.
> > In fact, that gives no permissions whatsoever.
> >
> > I've come up with the following patch to make it work for me, but since
> > that is the very core of RBAC, I'm not sure if that is the right solution or
> > if I am looking in the correct direction at all.
> >
> > --- tools.old.py 2010-09-08 08:40:22.266751051 +0400
> > +++ tools.py 2010-09-08 08:41:25.894746181 +0400
> > @@ -2420,10 +2420,9 @@
> > == record_id).select(permission.group_id)
> > groups_required = set([row.group_id for row in rows])
> > if record_id:
> > - rows = self.db(permission.name
> > - == name)(permission.table_name
> > - == str(table_name))(permission.record_id
> > - == 0).select(permission.group_id)
> > + rows = self.db(permission.name.belongs((name,'any'))&
> > +
> > permission.table_name.belongs((str(table_name),''))&
> > +
> > permission.record_id.belongs((record_id,0))).select(permission.group_id)
> > groups_required = groups_required.union(set([row.group_id
> > for row in rows]))
> > if groups.intersection(groups_required):
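Review bot: The belongs() query stays inside the "if record_id:" branch, so a check made with record_id 0 still goes through the exact-match query above it and a row stored as ('any', '', 0) grants nothing in that case. Move the wildcard query out of the conditional; since it already includes record_id itself in its belongs() tuple, it can replace the first query instead of being unioned with it.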
> >
> > Regards
> > Alexey
>
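The lookup semantics discussed in this thread, as an added example that is not part of the original messages and is not web2py code: a plain-Python model of how groups_required is computed before the patch and with the three belongs() filters. The tuple layout, the sample rows and the function names are assumptions made for illustration.

```python
# Added illustration, not web2py code. Each permission row is modelled as
# (group_id, name, table_name, record_id); the rows below are constructed.
ROWS = [
    (1, "any", "", 0),         # defaults the thread describes for add_permission(group_id)
    (2, "read", "post", 0),    # read on every record of table "post"
    (3, "read", "", 0),        # name given, table_name left empty
    (4, "update", "post", 7),  # one specific record
]


def groups_required_old(rows, name, table_name, record_id):
    """Pre-patch behaviour: name and table_name must match exactly;
    record_id 0 is the only wildcard."""
    return {g for g, n, t, r in rows
            if n == name and t == str(table_name) and r in (record_id, 0)}


def groups_required_patched(rows, name, table_name, record_id):
    """Mirrors the three belongs() filters: every column matches either the
    requested value or that column's wildcard ('any', '' or 0)."""
    return {g for g, n, t, r in rows
            if n in (name, "any")
            and t in (str(table_name), "")
            and r in (record_id, 0)}


def has_permission(lookup, rows, user_groups, name, table_name="", record_id=0):
    """True when the user belongs to at least one group the lookup returns."""
    return bool(set(user_groups) & lookup(rows, name, table_name, record_id))


def changed_checks(rows, user_groups, checks):
    """Return the (name, table_name, record_id) checks whose outcome differs
    between the two lookups for this user."""
    return [c for c in checks
            if has_permission(groups_required_old, rows, user_groups, *c)
            != has_permission(groups_required_patched, rows, user_groups, *c)]


if __name__ == "__main__":
    checks = [("read", "post", 7), ("update", "post", 7), ("delete", "comment", 0)]
    for group in (1, 2, 3, 4):
        print(group, changed_checks(ROWS, [group], checks))
```

Running a model like this against an export of the real permission table before upgrading shows which groups gain access under the wildcard lookup.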