Alec Thomas wrote:
What about this:
class PermissionCache(object):
def has_permission(self, action, resource_type=None, resource_id=None):
def assert_permission(self, action, resource_type=None,
resource_id=None):
def permissions(self, resource_type=None, resource_id=None):
and
class IPermissionPolicy(Interface):
def check_permission(username, action, resource_type, resource_id):
?
Exactly!
In the future, those resources could even know a bit about themselves,
and for resource based permission, we could write things like:
obj.has_permission('WIKI_VIEW')
which would translate into:
def has_permission(action):
self.req.perm.has_permission(action, self.type, self.id)
This could almost be part of your jihad to clarify the distinction between
client/server related objects? :) Probably a good idea though
No, actually the above was part of my TracObject jihad :)
But the distinction client/server is also interesting to make there.
Currently (i.e. in the quite aging trac-xref branch), the TracObjects
used to
know about their environment (self.env), but now I think it makes also sense
that they know about the request (self.req).
-- Christian
_______________________________________________
Trac-dev mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-dev
