On Nov 19, 2010, at 8:03 AM, Carlos wrote: > > I have one proposal: extend auth_membership with a new "reference > auth_context" in order to support a multi-tenant architecture (single > web2py application with multiple tenants / contexts). > > This would be optional, so that everything works exactly the same as > now, plus a new option to support "contexts". > > This way, users would have context-sensitive roles, e.g. one same user > can have the "administrator" role in contextA, plus the same > "administrator" role in contextB, plus an X non-context role, etc. > > Also the "has_membership" decorator would have to be extended to > support a new "context" optional parameter. > > And all this would be fully compatible with the current design (since > "context" is optional). > > What do you think?.
I'm not sure about the details, but I agree that this would be a good addition to the auth framework. I ran into the same problem myself on a project that didn't ultimately get funded, so I never worked out a good solution. Same general problem: users with different roles in different tenants. I'm wondering if there needs to be an explicit "global" or "master" context for super-admins, or would that capability fall out of the general context capabilities?
