[dev] Permissions - possible changes

[Jan Schneider]

Zitat von Chuck Hagenbuch <chuck at horde.org>:

> 1. Add more permissions levels.
>
> Right now we have PERMS_SHOW, PERMS_READ, PERMS_EDIT, and PERMS_DELETE. Some
> other permissions systems have more levels, and we could potentially follow
> that - PERMS_ADD comes to mind. Other possibilities would be PERMS_ADMIN,
> PERMS_COMMENT, PERMS_MODERATE, etc.
>
> Do we need more levels? I'm not sure we do. Could some of them be 
> useful? Sure -

While we might need more levels, it wouldn't like to have them by default. I
think the current levels are already complex enough for most end users,
below you even argue to make them less complex. And IIRC, applications can
easily add the special perm levels they need right now.

> 2. Make permissions levels additive.
>
> Right now, PERMS_DELETE does not imply any other permissions - it 
> just lets you
> delete things. This is very flexible, but I'm not sure it's useful in 
> practice.
> It also means that we have an additive bitmask which is, again, flexible, but
> more complicated than a simple level of access.
>
> We could change to having each level of permissions imply all the 
> others - i.e.,
> you have *either* SHOW, READ, EDIT, or DELETE. For one thing, this would
> greatly simplify the permissions editing screens.

While this would probably be more simple I wouldn't like to loose the
flexibility. Most permission systems work the (bit) way that we have done.
It might make sense though to add a speciel PERMS_ALL or _FULL that
includes *all* permission levels.

Jan.

--
http://www.horde.org - The Horde Project
http://www.ammma.de - Neue Wege des Lernens
http://www.tip4all.de - Deine private Tippgemeinschaft