Re: [web2py] Re: Contribution
Hi Anthony, thanks, that looks promising, maybe we can find something in one of the links. We also had a brief look at the issue list before, but were uncertain whether or not its up to date or if the mentioned issues are of interest to the project. I guess we will have a closer look to filter some issues we can possibly fix. Again, thanks a lot. Matteo Am 29.10.2011 16:06, schrieb Anthony: Maybe look here for bugs and some feature requests: http://code.google.com/p/web2py/issues/list Some other threads to check out for ideas: https://groups.google.com/forum/#!topic/web2py/DHZ8NhRkeKc/discussion https://groups.google.com/forum/#!topic/web2py/Z_Ffj1GzTZg/discussion https://groups.google.com/forum/#!topic/web2py/3nbrYP7uAkI/discussion https://groups.google.com/forum/#!msg/web2py/e21KNkXky0w/-rOk5SMKKPMJ I like the idea of a "search abstraction layer" for full text search: https://groups.google.com/forum/#!msg/web2py/3nbrYP7uAkI/kT6Z5k2AK0oJ Anthony
Re: [web2py] Re: Contribution
On Saturday, October 29, 2011 8:58:23 AM UTC-4, Hong-Khoan wrote: > > Hi, > > sure. But unfortunately for our practical course we need to fix at least > one non-trivial bugfix or implement a feature. > Maybe look here for bugs and some feature requests: http://code.google.com/p/web2py/issues/list Some other threads to check out for ideas: https://groups.google.com/forum/#!topic/web2py/DHZ8NhRkeKc/discussion https://groups.google.com/forum/#!topic/web2py/Z_Ffj1GzTZg/discussion https://groups.google.com/forum/#!topic/web2py/3nbrYP7uAkI/discussion https://groups.google.com/forum/#!msg/web2py/e21KNkXky0w/-rOk5SMKKPMJ I like the idea of a "search abstraction layer" for full text search: https://groups.google.com/forum/#!msg/web2py/3nbrYP7uAkI/kT6Z5k2AK0oJ Anthony
Re: [web2py] Re: Contribution
Hi, sure. But unfortunately for our practical course we need to fix at least one non-trivial bugfix or implement a feature. Regards Hong-Khoan Am 27.10.2011 23:29, schrieb Triquetra: > I'm sure assistance with documentation would be appreciated by all! > > On Oct 26, 10:16 am, Hong-Khoan Quach > wrote: >> I want to thank you all for your suggestions so far and please >> post further suggestions :). >> >> Massimo, Anthony or other contributors/committers, do you >> have anything on your TODO list ? >> >> Regards >> >> Hong-Khoan >> >> Am 21.10.2011 12:52, schrieb Hong-Khoan Quach: >> >> >> >> >> >> >> >>> Hi there. >> >>> We would like to contribute to web2py for a university open source >>> practical course. Does anyone have an idea for an important/cool feature >>> that we could propose to our supervisor? >>> Furthermore, are there any low hanging fruits, we can start with? >> >>> Regards >> >>> Matteo and Hong-Khoan >> >> >> >> signature.asc >> < 1KViewDownload signature.asc Description: OpenPGP digital signature
Re: [web2py] Re: Contribution
I just read the doc... Not sure what I suggest is possible... According to the doc it would need something like this to work: auth.has_permission(group_id, 'read', 'table123', field123 == 'something') This would lead to check if a user as the permission read on table123 when field123 has the value something... It would be great if it is possible... Richard On Wed, Oct 26, 2011 at 2:03 PM, Richard Vézina wrote: > And why the object could not be a query that can return a list of records > having the state you are looking for?? > > Richard > > > On Mon, Oct 24, 2011 at 8:25 PM, Triquetra < > trique...@triquetradevelopment.com> wrote: > >> No, I don't think this helps, unless I'm misunderstanding something >> (which is possible). >> >> When using "auth.add_permission(group_id, 'name', 'object', >> record_id)" the CRUD permissions are only enforced if the object is a >> table (according to the book). So, even assuming one could pass a >> column as the object (to enable field based access control), the >> web2py access system will not automatically enforce CRUD permissions >> on this object (like it would with tables or records). This level of >> access control would require additional manual enforcement in the >> controllers. >> >> This doesn't help with state based permissions either. The issue here >> is that permissions may change depending upon the state of the >> object. Workflows are a good example. If A is in group author and E >> is in group editor, a workflow may demand that A has full CRUD rights >> until the article is submitted for editing, then A only has read >> rights over the SAME record and editor group gets read and update >> rights only after submission of the article for editing. Same record, >> same groups, same users -- different permissions based on the state of >> the record (which could be indicated by the content of a field). >> >> > On Friday, October 21, 2011 3:54:26 PM UTC-4, Triquetra wrote: >> > >> > > I'd like to see >> > > web2py's access control beefed up (thus permitting easy development of >> > > workflows, among other things). Specifically, the current web2py RBAC >> > > has two levels of granularity: table and record (row). This should be >> > >> > extended to include field(column), type(controller), and >> > >> > > context(state). >> > >> > auth.add_permission(group_id, 'name', 'object', record_id) >> > >> > In the above, 'object' can be any user-defined object, not just a DB >> table >> > (record_id is only relevant if the object is a table). Does that help? >> > >> > > Although the type(controller) access control is currently implemented >> > > via decorators in web2py, this is restricted to coders. >> > >> > You don't have to use decorators. You can directly check for permissions >> via >> > auth.has_membership() and auth.has_permission(). >> > >
Re: [web2py] Re: Contribution
And why the object could not be a query that can return a list of records having the state you are looking for?? Richard On Mon, Oct 24, 2011 at 8:25 PM, Triquetra < trique...@triquetradevelopment.com> wrote: > No, I don't think this helps, unless I'm misunderstanding something > (which is possible). > > When using "auth.add_permission(group_id, 'name', 'object', > record_id)" the CRUD permissions are only enforced if the object is a > table (according to the book). So, even assuming one could pass a > column as the object (to enable field based access control), the > web2py access system will not automatically enforce CRUD permissions > on this object (like it would with tables or records). This level of > access control would require additional manual enforcement in the > controllers. > > This doesn't help with state based permissions either. The issue here > is that permissions may change depending upon the state of the > object. Workflows are a good example. If A is in group author and E > is in group editor, a workflow may demand that A has full CRUD rights > until the article is submitted for editing, then A only has read > rights over the SAME record and editor group gets read and update > rights only after submission of the article for editing. Same record, > same groups, same users -- different permissions based on the state of > the record (which could be indicated by the content of a field). > > > On Friday, October 21, 2011 3:54:26 PM UTC-4, Triquetra wrote: > > > > > I'd like to see > > > web2py's access control beefed up (thus permitting easy development of > > > workflows, among other things). Specifically, the current web2py RBAC > > > has two levels of granularity: table and record (row). This should be > > > > extended to include field(column), type(controller), and > > > > > context(state). > > > > auth.add_permission(group_id, 'name', 'object', record_id) > > > > In the above, 'object' can be any user-defined object, not just a DB > table > > (record_id is only relevant if the object is a table). Does that help? > > > > > Although the type(controller) access control is currently implemented > > > via decorators in web2py, this is restricted to coders. > > > > You don't have to use decorators. You can directly check for permissions > via > > auth.has_membership() and auth.has_permission(). >