Forums / Developer / Access right per user per node ?

Access right per user per node ?

Author Message

Xavier Dutoit

Tuesday 13 June 2006 7:58:08 am

Hi all,

I'd like to create a more collaborative document oriented site.

The owner (and some power users) should be able to grant access right more easily than with the existing admin interface (ie. no need to modify the roles and assign them to groups/nodes, no need to create new sections...).

1) I want to let him the right to choose one or several groups of users and let him grant them a read right on the current node.

2) In also want to let him the right to choos one or several users and let him grant a read or edit right on the current node.

For 1) the features exists and I intend to develop a new extension, where you can for each node add it to a role (add a new content read policy limited to a node for instance).

Not sure how to avoid to start creating roles by dozen and have a f*** mess in a second (probably creating one role per user group and add the read/edit policy restricted to the current node).

Not so sure yet on the feature, nor if it is going to be a big problem on the performance.

For 2) unless I've missed something, that isn't ez standard at all. I don't have any idea of how to do that without ending with one role per user (something I'd rather avoid ;)

I don't know if it would make sense to patch the kernel to add these features.

Anyway, I'd like to discuss that with you, any idea or suggestion more than welcome !

X+

http://www.sydesy.com

Paul Borgermans

Tuesday 13 June 2006 8:53:37 am

Hi Xavier

2) is possible, one role per node wuth different users/groups assigned this role

The best option is to create a small extension which looks up the role if it exists, add/remove users/groups from the node specific role.

The hardest part will be the interface, but look at Kristof's AJAX extensions which provide the best ground to build upon for that

BTW: we need it too, just got a request from a collegue wanting the same ... no option to change their idea with predefined roles on subtrees and simplify their needs.

Regards

Paul

eZ Publish, eZ Find, Solr expert consulting and training
http://twitter.com/paulborgermans

Xavier Dutoit

Tuesday 13 June 2006 9:09:46 am

Hi Paul,

You're right, having one role per node and assign it to users is probably easier than one role per user and restrict it to nodes.

Probably a few tricky things to sort out, eg. no need to create a new role to grant right to someone that has already access rights because he's a member of a group that has access rights to it.

Do you have any idea of the impact on the performance ?

I've used Kristof's ajax, that's definitively the way to go.

As for the timing on my side, that's exploratory so far, just to see if it's possible and not too outside of the scope of ez. The dev (if it happends) is probably going ot be end of july/early august. I obvioulsy intend to let it GPL, let's talk privately once I've got more visibility on my side (or next time you're in BXL with Kristof, as he won't be able to go back home on his own with the amount of beer I'm going to feed him with ;)

X+

http://www.sydesy.com

Xavier Dutoit

Tuesday 13 June 2006 9:17:26 am

On a second thought, a clever interface should not let the user grant access to a user that has already on this right, ie calculate the access right for each user. I'd guess that without ajax coating, that'd be paintfully slow.

X+

http://www.sydesy.com