Done.
I also think we need a mechanism to give permissions to users about
groups. The auth_permission works well to give permissions about
objects and other tables but not about groups themselves.
For example consider the permission to manage a group. If we do
auth.has_permission('manage','auth_group',group_id)
this will check that the auth.user is member of a group that has
permission to manage the auth_group in question. The only thing that
would make sense is if that is the group 'user_%(id)s' which is unique
of the user. So now instead of one link between the user and the group
he has permission to manage we have to find which is the unique group
of the user, and check that members of this groups have the manage
permission on the other group. To check the names of the people who
have manage permission on a group we need three-way join. All of this
is cumbersome.
I think we need something like
db.define_table('auth_group_permission'
Field('group_id','reference auth_group'),
Field('user_id','reference auth_user'),
Field('permission','string'),
auth.signature)
Thoughts?
On Jan 29, 9:02 pm, Bruno Rocha <[email protected]> wrote:
> I like the idea. Currently I am loading user groups on login.
>
> I just think it have to be called auth.user_groups so it will be more
> compatible with auth.user_id
>
> http://zerp.ly/rochacbruno
> Em 29/01/2012 23:17, "Massimo Di Pierro" <[email protected]>
> escreveu:
>
> > auth.mygroups
>
> > is a dictionary of (key,value) = (group_id,role)
>
> > This makes it easy to create objects like
>
> > db.define_table('thing',
> > Field('name'),
> > Field('groups_with_access','list:reference auth_group'))
>
> > and select them with
>
> > mythings =
>
> db(db.thing.groups_with_access.contains(auth.mygroups.keys())).select(db.th
> ing.ALL)
>
>
>
>
>
>
>
>
>
> > Before this makes it into stable I would like to hear comments and
> > suggestions for improvement.
