[dev] Assigning permissions dynamically in Turba
Michael Rubinsky
mike at theupstairsroom.com
Mon Jun 20 20:39:05 PDT 2005
--On Monday, June 20, 2005 12:00 PM -0700 dev-request at lists.horde.org wrote:
> Quoting Michael Rubinsky <mike at theupstairsroom.com>:
>
> > I'm trying to map IMSP acls to horde permissions for IMSP addressbooks
now
> > that the read-only attribute is gone. I've got the initial code worked
> > out, but am having a problem determining exactly *where* to call it
from.
>
> What about if we put the check into the driver, so you could call
> $object->hasPermission($perm), and that'd call the driver object in
> tern. Then the IMSP driver can override the default implementation.
So, in other words, we wouldn't filter $cfgSources through
Turba::permissionsFilter() anymore and instead just check for permissions
through an $object->hasPermission() call wherever we need to know
permissions? That sounds good. Doing it this way would actually not even
require there to be horde permissions set if the backend supports acls - as
the driver could be written to just check those. Although, I'd still like
to see the acls visible as horde permissions helping to prevent the
possibility of assigning rights via horde that the user doesn't actually
have on the backend.
> Something similar in the driver object for permissions on the actual
> sources...
> > In a related question, I'm having trouble figuring a way to map the
> > permissions back the other way, from horde permissions to imsp acls.
Are
> > there any existing permission hooks that I could tie into to determine
when
> > a permission has been changed from with horde..something along the
lines of
> > the horde shares stuff? If not, would anyone object to adding them?
>
> Yeah, we'd need hooks for that part - no objection from me to adding them.
Cool. I'll start looking at this as well.
> -chuck
>
>
More information about the dev
mailing list