Isn't this a perfect example of a place to use web2py with LDAP? -- Joe
On Mar 20, 5:22 am, Martin Weissenboeck <mweis...@gmail.com> wrote: > Hi everybody, > I have the following problem: I need some kind of hierarchical > authorization. > > This is a simplified model: > Company C001...C500 > Departement D01...D15 > Group G01...G40 > Person P01...P30 > > Not every company has 15 departements, not every departement has 40 groups > and so on, but the whole program should work with up 200.000 persons. > > Now some authorizations: > > - Every person is allowed to change most of (but not all) of his personal > data. > - Some persons are allowed to change some data of the members of a > specified group or some groups or a departement. > - Some persons are allowed to send messages single persons or to the > members of a group or some groups or a departement or a company. > - Some persons are allowed to change all data of the members of a group > or some groups or a departement or a company. > - Some persons are allowed to do everything (including impersonate) with > all data of the members of a whole departement or company. > - ... and so on ... > > One person could be identified by a string field like "C003:D03:G12:P15". > > I think I could use the authorization and the decoration of web2py to allow > one person to modify data or to send messages. > > - But how could I use the authorization e.g. to modify only some data? > - And if somebody is allowed to change some data he should only see these > persons he is allowed to make modifications. > > A sql-statement "where ident like 'C003:D03:G12:%" could do the job. > > - But would it be fast enough for 200.000 persons? > - Is there any way to use theauthentization mechanism for this problem? > > Regards Martin
