| # |
Feb 19th 2009, 14:58 |
jperras |
no one is saying it's bad |
| # |
Feb 19th 2009, 14:58 |
alkemann |
well gwoo ok'ed this approach so it cant be THAT bad :p |
| # |
Feb 19th 2009, 14:58 |
AD7six |
what's described on the group permissions page is basically ini based acl |
| # |
Feb 19th 2009, 14:57 |
AD7six |
ini based acl doesn't have any |
| # |
Feb 19th 2009, 14:57 |
alkemann |
yes, the queries to the acl table |
| # |
Feb 19th 2009, 14:57 |
jperras |
alkemann: price? |
| # |
Feb 19th 2009, 14:56 |
AD7six |
alkemann: as far as I understand |
| # |
Feb 19th 2009, 14:56 |
jperras |
e.g. record-based fine-grained permissions, or complex logic schemes |
| # |
Feb 19th 2009, 14:56 |
alkemann |
we dont require complex rules though, so I dont see what we gain for the price |
| # |
Feb 19th 2009, 14:56 |
AD7six |
alkemann: the intention is to use the users plugin from the book and enhance it as needed. |
| # |
Feb 19th 2009, 14:56 |
jperras |
those are usually questions because people are using acl for things it was never designed for |
| # |
Feb 19th 2009, 14:55 |
alkemann |
this is way 45% of support questions are about acl? :p |
| # |
Feb 19th 2009, 14:55 |
jperras |
I'm not pro acl at all. Often times I think it's the wrong tool for the job, and will not hesitate to say so |
| # |
Feb 19th 2009, 14:55 |
alkemann |
a user_profile that is bound to bakery sounds like an ok solution |
| # |
Feb 19th 2009, 14:55 |
AD7six |
acl isn't hard to use though, it's actually very easy |
| # |
Feb 19th 2009, 14:54 |
AD7six |
ADmad: or maybe role would be the same class as app_profile - where you'd also store "email me replies to my comments" and other settings like that. |
| # |
Feb 19th 2009, 14:54 |
alkemann |
jperras: sounds like you are very pro the ACL, so i dont know what to say other that this will be much more effective and easier to work with /shurg |
| # |
Feb 19th 2009, 14:53 |
AD7six |
ADmad: a role table in the bakery db. user_id, role (group, whatever it should be called) to be used as the lynchpin for acl or the group-finding-model otherwise |
| # |
Feb 19th 2009, 14:52 |
alkemann |
gwoo wants this app to built as a standalone and not especially made for cakephp.org though |
| # |
Feb 19th 2009, 14:52 |
jperras |
here's what I don't get alkemann: you and ADmad have spec'ed out a permissions system which is nearly identical to ACL in 'controller' authentication mode using a static config.ini file (instead of db), and you want the bakery to roll their own perms. system instead. |
| # |
Feb 19th 2009, 14:52 |
AD7six |
so user | app data needs to be seperated, and the user-group link would be on the app data side of the divide |
| # |
Feb 19th 2009, 14:52 |
ADmad |
AD7six: yes this was jotted up b4 we had that directive... what changes/alternative do you suggest |
| # |
Feb 19th 2009, 14:51 |
alkemann |
yes, i agree that this feature would be good. |
| # |
Feb 19th 2009, 14:51 |
AD7six |
whoo'ps. |
| # |
Feb 19th 2009, 14:51 |
AD7six |
and any other apps built going forwards |
| # |
Feb 19th 2009, 14:51 |
AD7six |
and any other apps that are built going forwards |
| # |
Feb 19th 2009, 14:50 |
AD7six |
the same user table is used in the book - the book's permissions are seperate and different |
| # |
Feb 19th 2009, 14:50 |
AD7six |
alkemann: you weren't here when I came in: something that I consider important is that the user data should be seperate from the apps data and logic |
| # |
Feb 19th 2009, 14:50 |
jperras |
AD7six: if Group hasMany User, where else would it be? |
| # |
Feb 19th 2009, 14:49 |
alkemann |
yes. important part of the solution |
| # |
Feb 19th 2009, 14:49 |
AD7six |
for one the group_id field is in the users table |
| # |
Feb 19th 2009, 14:49 |
AD7six |
oo don't like that so much ;) |
| # |
Feb 19th 2009, 14:48 |
jperras |
bottom of the wiki page, AD7six |
| # |
Feb 19th 2009, 14:48 |
alkemann |
http://thechaw.com/bakery/wiki/spec/users/Group_permissions |
| # |
Feb 19th 2009, 14:48 |
AD7six |
I see a description of permissions |
| # |
Feb 19th 2009, 14:47 |
AD7six |
I don't see where it says how you're going to store and query permissions? |
| # |
Feb 19th 2009, 14:47 |
alkemann |
the one* |
| # |
Feb 19th 2009, 14:47 |
alkemann |
AD7six: the we have specced already |
| # |
Feb 19th 2009, 14:46 |
AD7six |
alkemann: what solution would you suggest |
| # |
Feb 19th 2009, 14:46 |
jperras |
which the acl behavior supports (ini configuration instead of db config) |
| # |
Feb 19th 2009, 14:46 |
jperras |
with a static config file |