Menu
▾
▴
Re: [binarycloud-dev] Permissions in R2
|
From: Alex B. <en...@tu...> - 2001-06-13 20:27:19
|
> Read the spec for R2, and the permissions class seems incomplete - let me > give a scenario: > > We have a "settings" page, used to display and update settings for a portion > of the site. (preferences, etc) > > We want to display the current settings, and, if you are an authenticated > user, allow you to change them. > > If you don't have alter permissions, we just don't show you the buttons in > the form, nor do we allow you to save anything. ok. so far we support all of that without a problem. > So, we want to know: > 1) Who are you (supported) > 2) Do you have permissions to view this file/page? (supported) > 3) Do you have permission to a particular block of functionality within this > file/page? (apparently unsupported) absolutely supported :) we do that by specifying what roles have permissions to do what operations on entities. for example a public user can "edit" but not "create" preferences for their userid. so roles control both access to URIs, _and_ entity operations. > How can this be supported given the current level of the spec? I will update the spec as soon as auth/perm is done. I think once those components are complete it makes sense to go back through and update the spec to match what we're doing. _alex -- alex black, ceo en...@tu... the turing studio, inc. http://www.turingstudio.com vox+510.666.0074 fax+510.666.0093 |
