[horde] using horde perms to build apps
Alex Vorobiev
sasha at mathforum.org
Wed Aug 13 11:29:46 PDT 2003
chuck,
thank you for your response, it does help. let me ask you a few more
specific questions as a followup.
1. am i correct in assuming that permissions are essentially implemented in
horde as a three-way logical relationship between an object/entity, a user
or group, and an operation (read, write, etc.)? does this also mean that
storage-wise, you may have multiple category records for the same object,
such as obj_id/user_id/read as well as obj_id/user_id/write?
2. how would you treat hierarchy relationships with respect to permissions?
if a given object doesn't have explicitly defined permissions, do you check
the parent? is this check recursive?
3. finally, with object-level permissions generating lists of objects can
get very expensive. say, you are generating a list of 100s of tickets for
display in whups. do you check permissions on every ticket? what do you
think is the best way to scale that?
thanks a lot for your feedback,
--sasha
----- Original Message -----
From: "Chuck Hagenbuch" <chuck at horde.org>
To: <horde at lists.horde.org>
Sent: Wednesday, August 13, 2003 1:32 PM
Subject: Re: [horde] using horde perms to build apps
> Quoting Alex Vorobiev <sasha at mathforum.org>:
>
> > permissions is one of my major concerns as i am looking to implement a
> > sufficiently flexible user/group/object/perm model. having spent
> > considerable time today looking at the Perms class, i am very confused
about
> > the horde permissions model and how it works. i am getting lost in the
> > words/variables perm, permission, perms, and so forth. i am not quite
> > following the relationship between the Perms class and the
> > CategoryObject_Permission, and i am having trouble visualizing the data
> > model and the logical relationships between arbitrary objects, their
> > permissions (or permission objects), and so forth. can someone possibly
> > draw up a simple relationship diagram of some sort? and perhaps shed
some
> > light on why permissions are implemented the way they are.
>
> Hrm. I'm having trouble picking specific questions out of this. Basically:
>
> - permissions are implemented on top of the Categories system, because it
stores
> arbitrary hierarchical data and thus makes it easy for us.
>
> - CategoryObject_Permission is the class that maps to individual
permissions
> objects.
>
> - Permissions can be applied to anything, but the checking has to be done
by the
> permissioned object or application; the perms system just takes care of
> answering permissions questions, not ensuring that they're asked.
>
> That help at all?
>
> -chuck
>
> --
> Charles Hagenbuch, <chuck at horde.org>
> They're just looking at a wall of meat.
>
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
More information about the horde
mailing list