[dev] [cvs] commit: framework/Perms/Perms datatree.php

[Chuck Hagenbuch]

Quoting Jan Schneider <jan at horde.org>:

> The problem is that the Share system uses Perms objects without using
> the Perms API. The Perms system assumes that we have a strict
> hierarchical permissions structure with application permissions on the
> top level. Shares use arbitrary names for permssions that don't follow
> this scheme, e.g. Trean uses username:category:subcategory for share
> names, but "username" is of course no application.

I think the obvious fix is to make sure that shares conform to the 
organizational scheme we expect in Perms...

> This wasn't really clear to me until I analyzed this bug, and now that
> I know it, I don't feel really well with this fact. No better ideas at
> the moment, but I thought I should share it with you.

It's perhaps not the clearest thing, but by storing permissions with 
shares, we can easily take permissions into account while listing 
shares instead of having numerous extra permissions checks. And we are 
able to take advantage of the logic implemented in the Perms:: api as 
well; permission-checking logic is a good thing to only have in one 
place.

Maybe we just need to formally seperate the Perms storage API from the 
Perms checking API a bit?

-chuck

-- 
"But she goes not abroad in search of monsters to destroy." - John 
Quincy Adams