Versions Compared

Old Version 9

changes.mady.by.user Apereo Infrastructure

Saved on

compared with

New Version 10

changes.mady.by.user Apereo Infrastructure

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

[12:15:15 CDT(-0500)] <athena> EricDalquist: when you're around again, i wanted to talk about apetro's admin permissions feature request
[14:43:14 CDT(-0500)] <athena> EricDalquist: i've got a working implementation of the permissions code that recognizes ALL_CHANNELS, ALL_CATEGORIES, and ALL_GROUPS
[14:43:21 CDT(-0500)] <athena> turns out ALL_USERS is actually kinda hard to do
[14:43:22 CDT(-0500)] <EricDalquist> neat
[14:43:42 CDT(-0500)] <athena> not sure though if i should check this in or if we want to replace it with just some sort of ALL_PERMISSIONS, like apetro asked for
[14:43:59 CDT(-0500)] <athena> but maybe it's also useful to be able to permission stuff at a more fine-grained level?
[14:44:10 CDT(-0500)] <EricDalquist> yeah
[14:44:14 CDT(-0500)] <EricDalquist> I think this is reasonable
[14:44:21 CDT(-0500)] <EricDalquist> having 3 top level concepts shouldn't be too much overload
[14:45:38 CDT(-0500)] <athena> might have to just keep an eye on performance, since to tell what kind of target it is we have to try to get it as a group
[14:45:44 CDT(-0500)] <athena> but don't think that'll be the end of the world
[14:46:08 CDT(-0500)] <athena> wish we could do ALL_USERS too, but seems like GroupService.getGroupMember returns an entity whether it exists or not
[14:46:23 CDT(-0500)] <EricDalquist> hrm
[14:50:27 CDT(-0500)] <athena> in practice, that's probably not going to be as useful though
[14:50:36 CDT(-0500)] <athena> most users are probably in at least one group (like pags users, or whatever)
[14:50:50 CDT(-0500)] <athena> this is mostly for catching stuff that falls out of all permissions-assigning groups
[14:51:47 CDT(-0500)] <EricDalquist> yeah
[14:52:01 CDT(-0500)] <EricDalquist> ALL_USERS needs to be more of a short-circuit in the permission checks
[14:52:14 CDT(-0500)] <EricDalquist> if perm == all_users return true
[14:52:20 CDT(-0500)] <EricDalquist> without bothering to do anything beyond that
[14:53:32 CDT(-0500)] <athena> yeah
[14:53:41 CDT(-0500)] <athena> just need to find a way to actually know if the target is a user or not
[14:53:53 CDT(-0500)] <athena> groups we test to see if it matches a valid group
[14:54:00 CDT(-0500)] <athena> channels are prefixed w/ a known string
[14:54:17 CDT(-0500)] <EricDalquist> ah ... right
[14:54:19 CDT(-0500)] <EricDalquist> I get it
[14:54:25 CDT(-0500)] <EricDalquist> hrm
[14:54:29 CDT(-0500)] <EricDalquist> that is rought
[14:54:44 CDT(-0500)] <athena> might be able to do it through the authorization principal lookup or something like that
[14:54:51 CDT(-0500)] <athena> i think the only defined princpals are groups and people
[14:54:54 CDT(-0500)] <EricDalquist> yeah
[14:54:55 CDT(-0500)] <athena> will have to check
[14:54:57 CDT(-0500)] <EricDalquist> that should work
[14:55:08 CDT(-0500)] <athena> this at least will cover the immediate need of getting grouper more testable
[16:00:58 CDT(-0500)] <athena> hmmm, looks like we might have to get the user's locale into the XLST
[16:01:00 CDT(-0500)] <athena> er, XSLT
[16:01:08 CDT(-0500)] <EricDalquist> I think it already is
[16:01:28 CDT(-0500)] <EricDalquist> we use it in the current XML based localization