Unix Filesystem Based Authorization

Skip to first unread message


May 4, 2010, 1:12:32 AM5/4/10
to acl9-discuss
I've been playing with ACL9 tonight and have found it nearly works for
my needs - but my implementation might not be that great:

User has_many :customers

User has_one :office (usually a main office with several users and
some geographically remote offices with a few users)

Office has_many :users

Above all of this is an Account model that has_many :users - I do
think I need to change my associations to where Account has many
offices, office has_many users, and user belongs_to office


I need to do read/write/delete on customers for the owner, office, and

kind of like user.has_role? :owner,_read customer # not so important
as 99% of the time owner has read/write/delete

office.has_role? :office_read, customer

And some how, if the logged in user does not own the customer, belong
to an OFFICE that can read,change,delete the customer - then check
some sort of public permissions to see if the customer can be either

Can I do this with ACL9? From the 10 minutes I looked at other
solutions it seems ACL9 is the most flexible so far - so I may be
writing this myself

Sharad Jain

May 4, 2010, 12:24:08 PM5/4/10
to acl9-d...@googlegroups.com
Detecting whether user has a certain permisison on a object and the
revers is easy with acl9.
Finding the list of all users with a particular role on an object and
finding all objects on which a user has a role is a bit tedious.
Read up following links for those:
Reply all
Reply to author
0 new messages