[dev] Re: Application Permissions (was Re: appLinks() and Re:About permissions)

Chuck Hagenbuch chuck at horde.org
Fri Mar 28 09:35:04 PST 2003 

Quoting Jeroen Huinink <j.huinink at wanadoo.nl>:

> Let me try to rephrase point 4. There can only be a parent-child
> relationship between permissions if there is a parent-child relationship
> between the objects the permissions apply to. E.g. (I'm not sure if it is
> actually implemented like this) a whups module has a permission. The
> permissions of every ticket in the module are children of the module's
> permission. Does this clarify my statement?

Yes, and it's incorrect. How you describe things is a relatively logical way
for it to work, but it is in no way required.

Also, at the moment, permissions are not inherited (from parents to
children). This *could* change in the future, but isn't how things are
right now.

> That's how it is at this moment. I was thinking that we could replace the
> 'admin' setting in the conf file through a generic permissions mechanism.
> I cannot think of reasons why we couldn't do this.

Bootstrapping; efficiency when you don't really need the full scheme;
convenience for people/apps that only really need one admin level.

> I'm not sure if I see what you mean. We're not thinking along the same
> lines here. I was thinking that we define e.g. _PERMS_GUEST, _PERMS_USER,
> _PERMS_POWER_USER and _PERMS_ADMIN

I don't agree with hardcoding levels like this. I'd rather let
applications/sites define their own permission levels. So if an app needs
reporter, admin, etc. "user levels", they can be implmented with
permissioned named appname.reporter, appname.admin, etc.

> Ok, but
> 1. in Whups how can I specify that a reporter can create new tickets and
> add comments to his own tickets, but not to other tickets?

Right now, you can't. But I'm not sure what this has to do with Roles?

> 2. in Whups how can I specify that a developer can change specific
> attributes, but not change assignments?

Again, not sure what roles has to do with this, instead of Whups being an
unfinished piece of software?

-chuck

--
Charles Hagenbuch, <chuck at horde.org>
"... It is not more light we need, but more warmth! We die of cold, not of
darkness. It is not the night that kills, but the frost." - Miguel de
Unamuno

More information about the dev mailing list