Menu
▾
▴
Re: [WWdevel] Config module questions
|
From: John J. <jj...@as...> - 2005-09-30 02:30:35
|
Sam Hathaway wrote:
> On Sep 29, 2005, at 20:42, John Jones wrote:
>
>> One problem with permissions is that the value of things like "ta"
>> is configurable in global.conf, but the value is not visible from
>> the outside. One change I was going to make in global.conf.dist was
>> to add to the permissions structure:
>>
>> %permissionLevels = (
>> login => $guest,
>> report_bugs => $student,
>> ...
>> guest => $guest,
>> student => $student,
>> proctor => $proctor,
>> ta => $ta,
>> professor => $professor,
>> );
>
>
> I'd caution against adding these values as "permissions". They're
> not, and they would invite abuse whereby code would check
> hasPermissions($userID, "ta") instead of creating a logical capability.
>
> Instead, why not add a %userRoles hash, like this:
>
> %userRoles = (
> guest => -5,
> student => 0,
> proctor => 2,
> ta => 5,
> professor => 10,
> );
>
> and then redefine %permissionLevels like so:
>
>
> %permissionLevels = (
> login => $userRoles{guest},
> report_bugs => $userRoles{student},
I was thinking of this, but thought someone would object since $ta,
$student, etc were specifically kept out of the course environment.
But, I think this would definitely be better. It would mean a site
could add a permission level by adding it in one place in global.conf.
> or even, with a slight change to Authz.pm:
>
> %permissionLevels = (
> login => "guest",
> report_bugs => "student",
>
> Come to think of it, once we have this, we can go wild. It would be
> nice to break out of the this-permission-value-or-higher trap, for
> example:
>
> %permissionLevels = (
> login => qw/guest student proctor ta
> professor/,
> report_bugs => qw/student proctor ta
> professor/,
Have people run into cases where there was a problem with permission
types being linearly ordered?
John
|
