[horde] using horde perms to build apps

Alex Vorobiev sasha at mathforum.org
Wed Aug 13 11:29:46 PDT 2003 

chuck,

thank you for your response, it does help.  let me ask you a few more
specific questions as a followup.

1. am i correct in assuming that permissions are essentially implemented in
horde as a three-way logical relationship between an object/entity, a user
or group, and an operation (read, write, etc.)?  does this also mean that
storage-wise, you may have multiple category records for the same object,
such as obj_id/user_id/read as well as obj_id/user_id/write?

2. how would you treat hierarchy relationships with respect to permissions?
if a given object doesn't have explicitly defined permissions, do you check
the parent?  is this check recursive?

3.  finally, with object-level permissions generating lists of objects can
get very expensive.  say, you are generating a list of 100s of tickets for
display in whups.  do you check permissions on every ticket?  what do you
think is the best way to scale that?

thanks a lot for your feedback,

--sasha


----- Original Message ----- 
From: "Chuck Hagenbuch" <chuck at horde.org>
To: <horde at lists.horde.org>
Sent: Wednesday, August 13, 2003 1:32 PM
Subject: Re: [horde] using horde perms to build apps


> Quoting Alex Vorobiev <sasha at mathforum.org>:
>
> > permissions is one of my major concerns as i am looking to implement a
> > sufficiently flexible user/group/object/perm model.  having spent
> > considerable time today looking at the Perms class, i am very confused
about
> > the horde permissions model and how it works.  i am getting lost in the
> > words/variables perm, permission, perms, and so forth.  i am not quite
> > following the relationship between the Perms class and the
> > CategoryObject_Permission, and i am having trouble visualizing the data
> > model and the logical relationships between arbitrary objects, their
> > permissions (or permission objects), and so forth.  can someone possibly
> > draw up a simple relationship diagram of some sort?  and perhaps shed
some
> > light on why permissions are implemented the way they are.
>
> Hrm. I'm having trouble picking specific questions out of this. Basically:
>
> - permissions are implemented on top of the Categories system, because it
stores
> arbitrary hierarchical data and thus makes it easy for us.
>
> - CategoryObject_Permission is the class that maps to individual
permissions
> objects.
>
> - Permissions can be applied to anything, but the checking has to be done
by the
>  permissioned object or application; the perms system just takes care of
> answering permissions questions, not ensuring that they're asked.
>
> That help at all?
>
> -chuck
>
> --
> Charles Hagenbuch, <chuck at horde.org>
> They're just looking at a wall of meat.
>
> -- 
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>

More information about the horde mailing list