Re: [web2py] Re: CRUD RBAC problem

Wed, 08 Sep 2010 19:20:23 -0700 

Sure

On Thu, Sep 9, 2010 at 6:11 AM, mdipierro <mdipie...@cs.depaul.edu> wrote:

> No, it does not. It must be done in two queries. Can you send me the
> patch by email? thanks.
>
> On Sep 8, 8:44 pm, Alexey Nezhdanov <snak...@gmail.com> wrote:
> > Updated version of the patch then. Includes case where there is no such
> row
> > ('create' action).
> > However, I'm not sure if these changes are GAE-compartible. Not sure if
> > bigtable likes .belongs on multiple columns.
> > Can anybody test?
> >
> > Regards
> > Alexey.
> >
> > --- tools.py_   2010-09-08 08:40:22.266751051 +0400
> > +++ tools.py    2010-09-08 09:44:30.050746520 +0400
> > @@ -2415,17 +2415,10 @@
> >                          == user_id).select(membership.group_id)
> >          groups = set([row.group_id for row in rows])
> >          permission = self.settings.table_permission
> > -        rows = self.db(permission.name == name)(permission.table_name
> > -                 == str(table_name))(permission.record_id
> > -                 == record_id).select(permission.group_id)
> > +        rows = self.db(permission.name.belongs((name,'any'))&
> > +
> permission.table_name.belongs((str(table_name),''))&
> > +
> > permission.record_id.belongs((record_id,0))).select(permission.group_id)
> >          groups_required = set([row.group_id for row in rows])
> > -        if record_id:
> > -            rows = self.db(permission.name
> > -                            == name)(permission.table_name
> > -                     == str(table_name))(permission.record_id
> > -                     == 0).select(permission.group_id)
> > -            groups_required = groups_required.union(set([row.group_id
> > -                    for row in rows]))
> >          if groups.intersection(groups_required):
> >              r = True
> >          else:
> >
> > On Wed, Sep 8, 2010 at 5:14 PM, mdipierro <mdipie...@cs.depaul.edu>
> wrote:
> > > I think this should be considered a bug and I agree with the change.
> > > Anybody opposed?
> >
> > > Massimo
> >
> > > On Sep 7, 11:46 pm, Alexey Nezhdanov <snak...@gmail.com> wrote:
> > > > Hi. I think that I found some inconsistency in the topic.
> > > > When you do, say,
> > > > auth.add_permission(group_id) - it assumes the permission name 'any',
> > > table
> > > > name empty and record_id 0.
> > > > Which in turn feels like "full admin rights" - any action on any
> table on
> > > > any record.
> > > > In fact, that gives no permissions whatsoever.
> >
> > > > I've came out with the following patch to make it work for me, but
> since
> > > > that is the very core of RBAC, I'm not sure if that is the right
> solution
> > > or
> > > > if I am looking in the correct direction at all.
> >
> > > > --- tools.old.py        2010-09-08 08:40:22.266751051 +0400
> > > > +++ tools.py    2010-09-08 08:41:25.894746181 +0400
> > > > @@ -2420,10 +2420,9 @@
> > > >                   == record_id).select(permission.group_id)
> > > >          groups_required = set([row.group_id for row in rows])
> > > >          if record_id:
> > > > -            rows = self.db(permission.name
> > > > -                            == name)(permission.table_name
> > > > -                     == str(table_name))(permission.record_id
> > > > -                     == 0).select(permission.group_id)
> > > > +            rows = self.db(permission.name.belongs((name,'any'))&
> > > > +
> > > > permission.table_name.belongs((str(table_name),''))&
> > > > +
> > > >
> permission.record_id.belongs((record_id,0))).select(permission.group_id)
> > > >              groups_required =
> groups_required.union(set([row.group_id
> > > >                      for row in rows]))
> > > >          if groups.intersection(groups_required):
> >
> > > > Regards
> > > > Alexey
> >
> >
>

--- tools.py_	2010-09-08 08:40:22.266751051 +0400
+++ tools.py	2010-09-08 09:44:30.050746520 +0400
@@ -2415,17 +2415,10 @@
                         == user_id).select(membership.group_id)
         groups = set([row.group_id for row in rows])
         permission = self.settings.table_permission
-        rows = self.db(permission.name == name)(permission.table_name
-                 == str(table_name))(permission.record_id
-                 == record_id).select(permission.group_id)
+        rows = self.db(permission.name.belongs((name,'any'))&
+                       permission.table_name.belongs((str(table_name),''))&
+                       permission.record_id.belongs((record_id,0))).select(permission.group_id)
         groups_required = set([row.group_id for row in rows])
-        if record_id:
-            rows = self.db(permission.name
-                            == name)(permission.table_name
-                     == str(table_name))(permission.record_id
-                     == 0).select(permission.group_id)
-            groups_required = groups_required.union(set([row.group_id
-                    for row in rows]))
         if groups.intersection(groups_required):
             r = True
         else:

Reply via email to