From: Sam H. <sh...@ma...> - 2005-09-30 01:39:39
On Sep 29, 2005, at 20:42, John Jones wrote:

> One problem with permissions is that the value of things like "ta"
> is configurable in global.conf, but the value is not visible from
> the outside. One change I was going to make in global.conf.dist
> was to add to the permissions structure:
>
> %permissionLevels = (
>     login => $guest,
>     report_bugs => $student,
>     ...
>     guest => $guest,
>     student => $student,
>     proctor => $proctor,
>     ta => $ta,
>     professor => $professor,
> );

I'd caution against adding these values as "permissions". They're not,
and they would invite abuse whereby code would check
hasPermissions($userID, "ta") instead of creating a logical capability.

Instead, why not add a %userRoles hash, like this:

    %userRoles = (
        guest => -5,
        student => 0,
        proctor => 2,
        ta => 5,
        professor => 10,
    );

and then redefine %permissionLevels like so:

    %permissionLevels = (
        login => $userRoles{guest},
        report_bugs => $userRoles{student},

or even, with a slight change to Authz.pm:

    %permissionLevels = (
        login => "guest",
        report_bugs => "student",

Come to think of it, once we have this, we can go wild. It would be nice
to break out of the this-permission-value-or-higher trap, for example:

    %permissionLevels = (
        login => [qw/guest student proctor ta professor/],
        report_bugs => [qw/student proctor ta professor/],

Ok, that's enough of that. :)
-sam
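
The two models discussed in the message above, side by side, as an added example that is not part of the original message and not code from Authz.pm. The function names, the `proctor_signin` capability and the fail-closed handling of unknown names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Role levels as proposed in the message above.
my %userRoles = (guest => -5, student => 0, proctor => 2, ta => 5, professor => 10);

# Threshold model: a capability names the lowest role that holds it.
my %levelPermissions = (
    login          => "guest",
    report_bugs    => "student",
    proctor_signin => "proctor",    # hypothetical capability, for illustration
);

# Role-list model: a capability lists exactly the roles that hold it.
my %rolePermissions = (
    login          => [qw/guest student proctor ta professor/],
    report_bugs    => [qw/student proctor ta professor/],
    proctor_signin => [qw/proctor/],    # hypothetical capability
);

# Both checks fail closed: an unknown role or capability is denied.
sub allowed_by_level {
    my ($role, $capability) = @_;
    my $minRole = $levelPermissions{$capability};
    return 0 unless defined $minRole && exists $userRoles{$minRole};
    return 0 unless exists $userRoles{$role};
    return $userRoles{$role} >= $userRoles{$minRole} ? 1 : 0;
}

sub allowed_by_roleset {
    my ($role, $capability) = @_;
    my $roles = $rolePermissions{$capability};
    return 0 unless defined $roles && exists $userRoles{$role};
    return (grep { $_ eq $role } @$roles) ? 1 : 0;
}

# Print the decision of each model for every role and capability,
# including a capability that is not configured at all.
for my $capability (qw/login report_bugs proctor_signin no_such_capability/) {
    for my $role (qw/guest student proctor ta professor/) {
        printf "%-18s %-9s level=%d roleset=%d\n", $capability, $role,
            allowed_by_level($role, $capability),
            allowed_by_roleset($role, $capability);
    }
}
```

Under the threshold model `proctor_signin` is also granted to ta and professor, because their levels are higher; under the role list it is granted to proctor alone. Callers ask about a capability in both cases, never about a role name such as "ta".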