[web2py] Re: hierarchical authorization
You would need something like an LDAP web service. I guess one could create it with web2py.

On Mar 21, 1:17 am, Martin Weissenboeck wrote:
> Is it possible to use LDAP together with the Google App Engine?
Re: [web2py] Re: hierarchical authorization
Is it possible to use LDAP together with the Google App Engine?

2011/3/21 Martin Weissenboeck
> Thank you for this hint.
> I do not have any experience with LDAP but of course it would be an
> interesting challenge to learn more.
Re: [web2py] Re: hierarchical authorization
Thank you for this hint.
I do not have any experience with LDAP but of course it would be an interesting challenge to learn more.

2011/3/21 Joe Barnhart
> Isn't this a perfect example of a place to use web2py with LDAP?
>
> -- Joe
[web2py] Re: hierarchical authorization
Isn't this a perfect example of a place to use web2py with LDAP?

-- Joe

On Mar 20, 5:22 am, Martin Weissenboeck wrote:
> Hi everybody,
> I have the following problem: I need some kind of hierarchical
> authorization.
>
> This is a simplified model:
> Company C001...C500
> Department D01...D15
> Group G01...G40
> Person P01...P30
>
> Not every company has 15 departments, not every department has 40 groups
> and so on, but the whole program should work with up to 200.000 persons.
>
> Now some authorizations:
>
> - Every person is allowed to change most (but not all) of his personal
>   data.
> - Some persons are allowed to change some data of the members of a
>   specified group or some groups or a department.
> - Some persons are allowed to send messages to single persons or to the
>   members of a group or some groups or a department or a company.
> - Some persons are allowed to change all data of the members of a group
>   or some groups or a department or a company.
> - Some persons are allowed to do everything (including impersonate) with
>   all data of the members of a whole department or company.
> - ... and so on ...
>
> One person could be identified by a string field like "C003:D03:G12:P15".
>
> I think I could use the authorization and the decoration of web2py to allow
> one person to modify data or to send messages.
>
> - But how could I use the authorization e.g. to modify only some data?
> - And if somebody is allowed to change some data he should only see those
>   persons for whom he is allowed to make modifications.
>
> A sql-statement "where ident like 'C003:D03:G12:%'" could do the job.
>
> - But would it be fast enough for 200.000 persons?
> - Is there any way to use the authentication mechanism for this problem?
>
> Regards Martin
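The prefix-scoped filter from Martin's original question, as an added example (not code from the thread or from web2py): it uses Python's `sqlite3` instead of web2py's DAL and replaces `LIKE 'C003:D03:G12:%'` with an equivalent key-range comparison, which needs no wildcard escaping and is served by the index on `ident`. The table layout, the `grants` rows and all function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data; idents follow the thread's "C003:D03:G12:P15" scheme.
PEOPLE = ["C003:D03:G12:P01", "C003:D03:G12:P15", "C003:D03:G13:P02",
          "C003:D04:G01:P01", "C004:D03:G12:P15"]
# Hypothetical grant rows: (grantee, action, scope prefix, editable fields).
GRANTS = [("C003:D03:G12:P15", "edit", "C003:D03:G12:", "phone,email"),
          ("C003:D03:G12:P15", "message", "C003:D03:", "")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE person (ident TEXT PRIMARY KEY, phone TEXT, email TEXT)")
    db.execute("CREATE TABLE grants (grantee TEXT, action TEXT, scope TEXT, fields TEXT)")
    db.executemany("INSERT INTO person (ident) VALUES (?)", [(p,) for p in PEOPLE])
    db.executemany("INSERT INTO grants VALUES (?, ?, ?, ?)", GRANTS)
    return db

def scope_range(scope):
    """Turn a scope prefix into [lo, hi) bounds for an index range scan."""
    # A scope must stop at a level boundary: "C003:D03:G1" would also cover G12.
    if not scope.endswith(":"):
        raise ValueError("scope must end with ':'")
    # ';' sorts directly after ':', so hi is the first key past the subtree.
    return scope, scope[:-1] + ";"

RANGE_SQL = "SELECT ident FROM person WHERE ident >= ? AND ident < ?"

def visible(db, grantee, action):
    """Idents the grantee may see for this action: only rows inside granted scopes."""
    found = set()
    q = "SELECT scope FROM grants WHERE grantee = ? AND action = ?"
    for (scope,) in db.execute(q, (grantee, action)).fetchall():
        found.update(r[0] for r in db.execute(RANGE_SQL, scope_range(scope)))
    return sorted(found)

def may_edit(db, grantee, target, field):
    """Field-level check: target inside an 'edit' scope and field whitelisted."""
    q = "SELECT scope, fields FROM grants WHERE grantee = ? AND action = 'edit'"
    return any(scope.endswith(":") and target.startswith(scope)
               and field in fields.split(",")
               for scope, fields in db.execute(q, (grantee,)))

def query_plan(db):
    """SQLite's plan for the range query, to confirm it uses the index."""
    rows = db.execute("EXPLAIN QUERY PLAN " + RANGE_SQL, ("a", "b")).fetchall()
    return " ".join(r[3] for r in rows)

if __name__ == "__main__":
    db = make_db()
    print(visible(db, "C003:D03:G12:P15", "edit"))
    print(query_plan(db))
```

Because the visible set is computed from the grant rows on the server, a person never receives rows outside the scopes granted to them, and the per-field whitelist covers the "modify only some data" case.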