Yes this function should be called for each main object in a page and
for each object in a list that has a list of actions
Volunteers are welcome.
But be careful - it needs to be finished:
- not all the objects are covered.
- and surely some local specific perms an object can have are missing.
(think about the private in img gal, the locker advantage, tthe tracker
creator...so not generic situations.. and so many it is a nightmare,)
IMHO the concept was good
But this function is not well written - it is mainly mine - so I can
tell whatever I want - the loop on perms that is everywhere is not good
programming- If somebody wants to redo it - welcome
and sometimes it seems abusive to get all the perms for only one perm
(even if it is the same number of requests - a lot of loop/code for
nothing) so perhaps an additional params for just a perms
Actually I am more thinking about generalizing specific perms - like
owner of each object can edit it(not sure it will fit stagging...)
I do not know - I was very convinced when I began to write this function
- I am not so convinced today - every idea is welcome
On Fri, 2009-05-01 at 00:19 +0200, Giancarlo Pinerolo wrote:
> Giancarlo Pinerolo wrote:
> > I seriously think we have to move the
> > permission logic out of the scripts....
> > ...
> > Already we have, in every script:
> > 1) check for tiki_p_admin or tiki_p_admin_xxx, and give priority for it
> > 2) check local object perm, and give priority for it, except for case 1)
> > 3) check for category perm, and give priority except for case 1) and 2)
> > 4) check for group perm
> > ...
> > Except for 1), normally for cases 2) 3) 4) a programmer is not
> > interested in knowing where the permission is coming from, if from
> > group, object or category. He just wants to know if he has it.
> > But the returned permissions array (for that user for that object) could
> > contain a third field that states where that perm for that object comes
> > from: group,object,category,admin
> I found now a function that seems to do almost all of this, and return
> either an array, or globalize the $tiki_p_xxx variables:
> tikilib->get_perm_object($objectId, $objectType, $info='', $global=true)
> It seems that, by calling this function once in a script, one will have
> all the $tiki_p_xxx variables, for himself on that object, globalized.
> No matter if they come from his group, the category, or the objectperms
> If I am right, this should be the preferred method to check for perms
> Giancarlo pingus
> Register Now & Save for Velocity, the Web Performance & Operations
> Conference from O'Reilly Media. Velocity features a full day of
> expert-led, hands-on workshops and two days of sessions from industry
> leaders in dedicated Performance & Operations tracks. Use code vel09scf
> and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
> Tikiwiki-devel mailing list