Updated version of the patch then. Includes case where there is no such row ('create' action). However, I'm not sure if these changes are GAE-compartible. Not sure if bigtable likes .belongs on multiple columns. Can anybody test?
Regards Alexey. --- tools.py_ 2010-09-08 08:40:22.266751051 +0400 +++ tools.py 2010-09-08 09:44:30.050746520 +0400 @@ -2415,17 +2415,10 @@ == user_id).select(membership.group_id) groups = set([row.group_id for row in rows]) permission = self.settings.table_permission - rows = self.db(permission.name == name)(permission.table_name - == str(table_name))(permission.record_id - == record_id).select(permission.group_id) + rows = self.db(permission.name.belongs((name,'any'))& + permission.table_name.belongs((str(table_name),''))& + permission.record_id.belongs((record_id,0))).select(permission.group_id) groups_required = set([row.group_id for row in rows]) - if record_id: - rows = self.db(permission.name - == name)(permission.table_name - == str(table_name))(permission.record_id - == 0).select(permission.group_id) - groups_required = groups_required.union(set([row.group_id - for row in rows])) if groups.intersection(groups_required): r = True else: On Wed, Sep 8, 2010 at 5:14 PM, mdipierro <mdipie...@cs.depaul.edu> wrote: > I think this should be considered a bug and I agree with the change. > Anybody opposed? > > Massimo > > On Sep 7, 11:46 pm, Alexey Nezhdanov <snak...@gmail.com> wrote: > > Hi. I think that I found some inconsistency in the topic. > > When you do, say, > > auth.add_permission(group_id) - it assumes the permission name 'any', > table > > name empty and record_id 0. > > Which in turn feels like "full admin rights" - any action on any table on > > any record. > > In fact, that gives no permissions whatsoever. > > > > I've came out with the following patch to make it work for me, but since > > that is the very core of RBAC, I'm not sure if that is the right solution > or > > if I am looking in the correct direction at all. > > > > --- tools.old.py 2010-09-08 08:40:22.266751051 +0400 > > +++ tools.py 2010-09-08 08:41:25.894746181 +0400 > > @@ -2420,10 +2420,9 @@ > > == record_id).select(permission.group_id) > > groups_required = set([row.group_id for row in rows]) > > if record_id: > > - rows = self.db(permission.name > > - == name)(permission.table_name > > - == str(table_name))(permission.record_id > > - == 0).select(permission.group_id) > > + rows = self.db(permission.name.belongs((name,'any'))& > > + > > permission.table_name.belongs((str(table_name),''))& > > + > > permission.record_id.belongs((record_id,0))).select(permission.group_id) > > groups_required = groups_required.union(set([row.group_id > > for row in rows])) > > if groups.intersection(groups_required): > > > > Regards > > Alexey >