Inline... On Apr 30, 2009, at 12:11 PM, David E Jones wrote:
What is the point of changing all of the security data like this? In other words, is there some reason that the new security stuff can't use the same permissions syntax/convention as the older security stuff?
Looks like you probably missed the big design document which explains everything:
http://docs.ofbiz.org/x/-B0 http://docs.ofbiz.org/x/JR4
The thing to keep in mind is that not only will there be a big effort to make all of these changes in OFBiz, but everyone with production data will have to perform a big non-backward-compatible database migration that will require system downtime.
Yes, it will be a big effort, but it is something I plan to tackle as quickly as possible. As for non-backward-compatible database changes, I totally disagree. As long as the new seed data is loaded, nothing else is required (except some minor DB schema changes, all adds, no deletes) I was very careful when designing this to avoid this completely. There is no reason why old permission data and new permission data cannot live together in the database. It will hurt nothing.
Also, it should be fairly easy to write a simple migration script to remove the old permissions; but that could get tricky when there are custom applications or code which doesn't get migrated in this effort.
It is certainly okay to require that if there is a good reason for it, but I guess that's what I'm not seeing here... the benefits we all get from the new format...
Instead of me explaining this over and over (which is what I figured would happen) I put everything together in a document in confluence and linked that to all the JIRA issues. My guess is after you read that doc, you will completely understand the importance of the permission format changes which is really what prompted the entire effort.
I'd be happy to discuss additional changes as well (which aren't yet documented) like adding support to check multiple permissions at once, returning a Map of results from that permission check. So, if you or anyone else has a wish list for security, let me know so I can get it all incorporated at the same time.
Andrew
