Unix Filesystem Based Authorization


Richard

May 4, 2010, 1:12:32 AM
to acl9-discuss
I've been playing with ACL9 tonight and have found it nearly works for
my needs - but my implementation might not be that great:

User has_many :customers

User has_one :office (usually a main office with several users and
some geographically remote offices with a few users)

Office has_many :users

Above all of this is an Account model that has_many :users - I do
think I need to change my associations to where Account has many
offices, office has_many users, and user belongs_to office

Anyway

I need to do read/write/delete on customers for the owner, office, and
other

kind of like user.has_role? :owner_read, customer # not so important
as 99% of the time owner has read/write/delete

office.has_role? :office_read, customer

And somehow, if the logged-in user does not own the customer or belong
to an OFFICE that can read, change, or delete the customer - then check
some sort of public permissions to see if the customer can be
read, changed, or deleted

Can I do this with ACL9? From the 10 minutes I looked at other
solutions it seems ACL9 is the most flexible so far - so I may be
writing this myself


Sharad Jain

May 4, 2010, 12:24:08 PM
to acl9-d...@googlegroups.com
Detecting whether a user has a certain permission on an object, and the
reverse, is easy with acl9.
Finding the list of all users with a particular role on an object and
finding all objects on which a user has a role is a bit tedious.
Read the following links for those:
http://wiki.github.com/be9/acl9/tutorial-linking-object-and-subject-with-hmt
http://www.tatvartha.com/2010/03/optimizing-has_role-in-acl9/
-sharad
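
The owner, then office, then public check order asked about above, as an added example that is not part of the thread and is not acl9's own code. It is plain Ruby with in-memory stand-ins for has_role!/has_role?; the class layout, the allowed? helper, and every role name other than :office_read are assumptions made for the example.

```ruby
require 'set'

# Plain-Ruby stand-ins: has_role!/has_role? mirror the acl9 calls in the
# thread but store roles in memory. Class layout and role names other than
# :office_read are assumptions made for this example.
ACTIONS = %i[read write delete].freeze

class Subject
  def initialize
    @roles = Set.new
  end

  def has_role!(role, object)
    @roles << [role, object.object_id]
  end

  def has_role?(role, object)
    @roles.include?([role, object.object_id])
  end
end

class Office < Subject; end

class User < Subject
  attr_reader :office
  def initialize(office)
    super()
    @office = office
  end
end

Customer = Struct.new(:owner, :public_actions)

# Owner first, then the user's office, then the public ("other") actions.
# Unknown actions are rejected and anything not granted is denied.
def allowed?(user, action, customer)
  raise ArgumentError, "unknown action #{action.inspect}" unless ACTIONS.include?(action)
  return true if customer.owner.equal?(user) && user.has_role?(:"owner_#{action}", customer)
  return true if user.office&.has_role?(:"office_#{action}", customer)
  customer.public_actions.include?(action)
end

# Constructed sample data: two offices, three users, one customer.
MAIN, REMOTE = Office.new, Office.new
ALICE, BOB, CAROL = User.new(MAIN), User.new(MAIN), User.new(REMOTE)
ACME = Customer.new(ALICE, [:read])
ACTIONS.each { |a| ALICE.has_role!(:"owner_#{a}", ACME) }
%i[read write].each { |a| MAIN.has_role!(:"office_#{a}", ACME) }
```

An owner_* role only counts when the user is also the customer's recorded owner, so a stray role grant on another user does not bypass the office and public checks.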