From: Ulf W. <ul...@wi...> - 2007-01-29 07:46:02
|
Den 2007-01-28 05:27:10 skrev Caoyuan Deng <dca...@gm...>: > As erlhive has supported privilege on {class, scalar | array | stream > | module}, what I meant was fetching all exported functions of a > module, and treat them as one of {class, scalar | array | stream | > module} (or another class: function?), user can then define > public/private area on them. When compile this module, inject guard > code according to the 'area'. Thus, the function level access control > can be supported. Well, in Erlang, the identity of a function is determined by its module context, so lists:foldl() and ets:foldl() are decidedly different functions, and there is no separately managed thing called (in this case) foldl(). While one could invent a way to treat a function as a self-contained object, I'm afraid to put too much weirdness into erlhive. (: > BTW, for most community web applications, group level access > control is very important, although we can plug-in it, maybe > it's better supported natively? In the great rewrite, not yet committed to the repository, I've restructured the handling of environment data so that it would be quite easy to add group membership as well. I'm thinking of replacing the functions erlhive.user:auth(), erlhive.user:owner(), etc. with erlhive.user:env(Name), where Name =3D owner | auth | caller, etc. and perhaps also group. There would of course be some increased overhead when the environment record is initialized (basically, each time another module is called), but it may not be noticeable. BR, Ulf W -- = Ulf Wiger |