Is it possible to use LDAP together with the Goole App Engine?
2011/3/21 Martin Weissenboeck mweis...@gmail.com
Thank you for this hint.
I do not have any experience with LDAP but of course it would be an
interesting callenge to learn more.
2011/3/21 Joe Barnhart joe.barnh...@gmail.com
Isn't this a perfect example of a place to use web2py with LDAP?
-- Joe
On Mar 20, 5:22 am, Martin Weissenboeck mweis...@gmail.com wrote:
Hi everybody,
I have the following problem: I need some kind of hierarchical
authorization.
This is a simplified model:
Company C001...C500
Departement D01...D15
Group G01...G40
Person P01...P30
Not every company has 15 departements, not every departement has 40
groups
and so on, but the whole program should work with up 200.000 persons.
Now some authorizations:
- Every person is allowed to change most of (but not all) of his
personal
data.
- Some persons are allowed to change some data of the members of a
specified group or some groups or a departement.
- Some persons are allowed to send messages single persons or to the
members of a group or some groups or a departement or a company.
- Some persons are allowed to change all data of the members of a
group
or some groups or a departement or a company.
- Some persons are allowed to do everything (including impersonate)
with
all data of the members of a whole departement or company.
- ... and so on ...
One person could be identified by a string field like
C003:D03:G12:P15.
I think I could use the authorization and the decoration of web2py to
allow
one person to modify data or to send messages.
- But how could I use the authorization e.g. to modify only some
data?
- And if somebody is allowed to change some data he should only see
these
persons he is allowed to make modifications.
A sql-statement where ident like 'C003:D03:G12:% could do the job.
- But would it be fast enough for 200.000 persons?
- Is there any way to use theauthentization mechanism for this
problem?
Regards Martin