[racktables-users] user ACL how to

  • From: "Jesús M. Navarro" <jesus.navarro@xxxxxxxxxx>
  • To: racktables-users@xxxxxxxxxxxxx
  • Date: Sat, 21 Jun 2008 18:07:47 +0200

Hi, list:

I've been having a look at the userPermission table and I'm having troubles 
about what the expected format for "page" and "tab" fields is.  On the other 
hand, I'm not clear if the page/tab approach makes so much sense.  I see the 
need for a general "read only" and "read and write" ACL and then some 
granular high level one (probably attached to the "tag" concept), so the 
user-cases become more or less like:

* Some people (some global admin) has read-write access to everything
* Some people (maybe some manager) has read-only access to everything
* Some people (maybe some client) has read-only access to their own assets 
(say, all the objects at whatever location, maybe a rack and its contents)
* Some people (maybe some delegated sysadmin) has read-write access to some 
delegated assets (maybe location-based, "our sysadmin at Colorado Springs", 
maybe kind-of-object-based, "our network guru with access to all routers").

A second, only partially related question: I think your code has some hard 
dependencies on php5, but it's all procedural even when at least some places 
seem to be crying for OOP (the auth code, for instance).  Is there any reason 
not to use classes that I should be aware of?


Other related posts: