Hello pbr, I implemented a ACL system a couple of days ago, ported from a system I use in php. The idea is similar to what you described - access rules are defined for an user or can be grouped in roles. Users can have one or more roles, and individual access rules can override or extend these roles. Here's a quick paste:
http://paste.pocoo.org/show/110555/ This is just a storage system and interface to check permissions. You need to tie it to the objects you want to restrict access (handlers and/or models) using decorators or other methods. Let me know if it helps or if you have ideas to improve it. -- rodrigo On Mar 29, 1:16 am, wrote: > 1) I have a simple application that can be accessed by multiple users > 2) The users are combined into groups (overlapping is possible) > 3) Privileges (read/write/delete) are assigned to groups > 4) Groups are then assigned to view/edit data > > I have started to build out this functionality by creating Users, > Groups, Privileges models and then setting up pseudo-foreign key > relationships to them. (As you can see, I can from the relational > world). Before I continue down this implementation path, I thought > I'd see if there was something already out there that did this or if > there is a better way. > > Any advice or pointers to other resources would be greatly > appreciated. Thanks. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
