Hi everybody,
I have the following problem: I need some kind of hierarchical
authorization.
This is a simplified model:
Company C001...C500
Departement D01...D15
Group G01...G40
Person P01...P30
Not every company has 15 departements, not every departement has 40 groups
and so on, but the whole program should work with up 200.000 persons.
Now some authorizations:
- Every person is allowed to change most of (but not all) of his personal
data.
- Some persons are allowed to change some data of the members of a
specified group or some groups or a departement.
- Some persons are allowed to send messages single persons or to the
members of a group or some groups or a departement or a company.
- Some persons are allowed to change all data of the members of a group
or some groups or a departement or a company.
- Some persons are allowed to do everything (including impersonate) with
all data of the members of a whole departement or company.
- ... and so on ...
One person could be identified by a string field like "C003:D03:G12:P15".
I think I could use the authorization and the decoration of web2py to allow
one person to modify data or to send messages.
- But how could I use the authorization e.g. to modify only some data?
- And if somebody is allowed to change some data he should only see these
persons he is allowed to make modifications.
A sql-statement "where ident like 'C003:D03:G12:%" could do the job.
- But would it be fast enough for 200.000 persons?
- Is there any way to use theauthentization mechanism for this problem?
Regards Martin
