[dev] Permissions - possible changes

[Chuck Hagenbuch]

As we move towards Horde 3.0, I'd like to make sure that the permissions system
is robust and flexible enough to support us both now and going forward. There
are two potential modifications which may or may not be good ideas that I'm
looking for feedback on.

1. Add more permissions levels.

Right now we have PERMS_SHOW, PERMS_READ, PERMS_EDIT, and PERMS_DELETE. Some
other permissions systems have more levels, and we could potentially follow
that - PERMS_ADD comes to mind. Other possibilities would be PERMS_ADMIN,
PERMS_COMMENT, PERMS_MODERATE, etc.

Do we need more levels? I'm not sure we do. Could some of them be useful? Sure -
I'm just not sure it's worth it. I'm interested in what the whole development
community thinks, though.


2. Make permissions levels additive.

Right now, PERMS_DELETE does not imply any other permissions - it just lets you
delete things. This is very flexible, but I'm not sure it's useful in practice.
It also means that we have an additive bitmask which is, again, flexible, but
more complicated than a simple level of access.

We could change to having each level of permissions imply all the others - i.e.,
you have *either* SHOW, READ, EDIT, or DELETE. For one thing, this would
greatly simplify the permissions editing screens.

This would actually remove an amount of flexibility, in exchange for simplicity
and making it more intutive for users (I'm not sure that it's obvious now that
you need to make sure to give someone all 4 levels of access to your shared
calendar, for instance, or SHOW, READ, *and* EDIT to let them add events,
etc..).

Thoughts?

Don't worry about existing data, we'll have a conversion script if we adopt any
of these. I'd like to move forward with changes (if any) soon, though, to make
sure this is stable for release and doesn't hold anything back.

-chuck

--
"Regard my poor demoralized mule!" - Juan Valdez