Access right per user per node ?

Next topic

Author	Message
Xavier Dutoit	Tuesday 13 June 2006 7:58:08 am Hi all, I'd like to create a more collaborative document oriented site. The owner (and some power users) should be able to grant access right more easily than with the existing admin interface (ie. no need to modify the roles and assign them to groups/nodes, no need to create new sections...). 1) I want to let him the right to choose one or several groups of users and let him grant them a read right on the current node. 2) In also want to let him the right to choos one or several users and let him grant a read or edit right on the current node. For 1) the features exists and I intend to develop a new extension, where you can for each node add it to a role (add a new content read policy limited to a node for instance). Not sure how to avoid to start creating roles by dozen and have a f*** mess in a second (probably creating one role per user group and add the read/edit policy restricted to the current node). Not so sure yet on the feature, nor if it is going to be a big problem on the performance. For 2) unless I've missed something, that isn't ez standard at all. I don't have any idea of how to do that without ending with one role per user (something I'd rather avoid ;) I don't know if it would make sense to patch the kernel to add these features. Anyway, I'd like to discuss that with you, any idea or suggestion more than welcome ! X+ http://www.sydesy.com
Paul Borgermans	Tuesday 13 June 2006 8:53:37 am Hi Xavier 2) is possible, one role per node wuth different users/groups assigned this role The best option is to create a small extension which looks up the role if it exists, add/remove users/groups from the node specific role. The hardest part will be the interface, but look at Kristof's AJAX extensions which provide the best ground to build upon for that BTW: we need it too, just got a request from a collegue wanting the same ... no option to change their idea with predefined roles on subtrees and simplify their needs. Regards Paul eZ Publish, eZ Find, Solr expert consulting and training http://twitter.com/paulborgermans
Xavier Dutoit	Tuesday 13 June 2006 9:09:46 am Hi Paul, You're right, having one role per node and assign it to users is probably easier than one role per user and restrict it to nodes. Probably a few tricky things to sort out, eg. no need to create a new role to grant right to someone that has already access rights because he's a member of a group that has access rights to it. Do you have any idea of the impact on the performance ? I've used Kristof's ajax, that's definitively the way to go. As for the timing on my side, that's exploratory so far, just to see if it's possible and not too outside of the scope of ez. The dev (if it happends) is probably going ot be end of july/early august. I obvioulsy intend to let it GPL, let's talk privately once I've got more visibility on my side (or next time you're in BXL with Kristof, as he won't be able to go back home on his own with the amount of beer I'm going to feed him with ;) X+ http://www.sydesy.com
Xavier Dutoit	Tuesday 13 June 2006 9:17:26 am On a second thought, a clever interface should not let the user grant access to a user that has already on this right, ie calculate the access right for each user. I'd guess that without ajax coating, that'd be paintfully slow. X+ http://www.sydesy.com

eZ debug

Timing:	Jan 19 2025 01:15:08
Script start
Timing:	Jan 19 2025 01:15:08
Module start 'layout'
Timing:	Jan 19 2025 01:15:08
Module start 'content'
Timing:	Jan 19 2025 01:15:09
Module end 'content'
Timing:	Jan 19 2025 01:15:09
Script end

Main resources:

Total runtime	0.8009 sec
Peak memory usage	4,096.0000 KB
Database Queries	60

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0070	589.1563	152.6250
Module start 'layout'	0.0070	0.0036	741.7813	39.4453
Module start 'content'	0.0106	0.7888	781.2266	556.7188
Module end 'content'	0.7994	0.0015	1,337.9453	16.1563
Script end	0.8009		1,354.1016

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0038	0.4769	16	0.0002
Check MTime	0.0014	0.1774	16	0.0001
Mysql Total
Database connection	0.0017	0.2103	1	0.0017
Mysqli_queries	0.7343	91.6822	60	0.0122
Looping result	0.0006	0.0722	58	0.0000
Template Total	0.7610	95.0	2	0.3805
Template load	0.0021	0.2662	2	0.0011
Template processing	0.7588	94.7494	2	0.3794
Template load and register function	0.0001	0.0132	1	0.0001
states
state_id_array	0.0012	0.1513	1	0.0012
state_identifier_array	0.0013	0.1678	2	0.0007
Override
Cache load	0.0019	0.2334	38	0.0000
Sytem overhead
Fetch class attribute can translate value	0.0006	0.0753	2	0.0003
Fetch class attribute name	0.0020	0.2548	6	0.0003
XML
Image XML parsing	0.0014	0.1775	2	0.0007
class_abstraction
Instantiating content class attribute	0.0000	0.0024	8	0.0000
General
dbfile	0.0020	0.2511	23	0.0001
String conversion	0.0000	0.0010	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded
1	node/view/full.tpl	full/forum_topic.tpl	extension/sevenx/design/simple/override/templates/full/forum_topic.tpl
4	content/datatype/view/ezimage.tpl	<No override>	extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tpl
4	content/datatype/view/ezxmltext.tpl	<No override>	extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tpl
4	content/datatype/view/ezxmltags/paragraph.tpl	<No override>	extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tpl
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 14 Number of unique templates used: 5

Time used to render debug report: 0.0001 secs