Thanks. It is very nice and simple. A few comments:

While we are talking about names, shouldn't that be "grantee" and not "granter"?

Just to clarify, what grant() does may be simply said:

    Subject (user self) : Verb (permission) : Object (receiver of the allowed action)

And, when object is just True, then the subject is granted the permission open-endedly...

Plus, what about revoke instead of ungrant?

For expiring permissions (such as valid paid subscription), one would need to customize is_granted(), e.g. to call a specific function that checks the validity of the permission?

So, persisting this info does not seem like such a good idea... Unless a permission can be scheduled, e.g., with a start and end date; the is_granted() check can therefore be self-contained. And how the start and end dates are set will be external application logic.

mario

On Oct 7, 2005, at 10:39 PM, David Binger wrote:

# PersistentSet is a new durus type.
# string is a new spec that includes unicodes and ascii strs.

class Permissions (PersistentDict):

    data_is = {string:sequence(either(Persistent, True), PersistentSet)}

    def grant(self, permission, granter):
        require(permission, string)
        require(granter, either(Persistent, True))
        if permission not in self:
            self[permission] = PersistentSet([granter])
        else:
            self[permission].add(granter)

    def ungrant(self, permission, granter):
        require(permission, string)
        require(granter, either(Persistent, True))
        if self.is_granted(permission, granter):
            self.data[permission].remove(granter)
            if len(self.data[permission]) == 0:
                del self.data[permission]

    def is_granted(self, permission, granter):
        return granter in self.get(permission, [])


class DulcineaUser(DulcineaPersistent):

    global_permissions = {
        "act-as": "Allow to act as another user.",
        "create-users": "Allow the creation of other users.",
        "manage-permissions": "Allow changing of permissions.",
        "staff": "Is a member of the staff",
        "system": "Allow to do things normally done by the software system.",
    }

    permissions_is = Permissions

    ...

    def is_admin(self):
        return self.is_granted('staff')

    def is_granted(self, permission, granter=True):
        return self.get_permissions().is_granted(permission, granter)
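
The scheduled-permission idea raised in the reply above, sketched as an added example that is not part of either message and is not Durus or Dulcinea code. A plain dict stands in for PersistentDict, and the class name ScheduledPermissions and the start, end and now parameters are assumptions made for illustration.

```python
from datetime import datetime, timezone


class ScheduledPermissions(dict):
    """Maps permission -> {grantee: (start, end)}.

    Assumption: a plain dict replaces PersistentDict so the sketch runs
    without Durus. start/end are timezone-aware datetimes, or None for an
    open-ended bound; end is exclusive.
    """

    def grant(self, permission, grantee=True, start=None, end=None):
        if start is not None and end is not None and end <= start:
            raise ValueError("end must be later than start")
        self.setdefault(permission, {})[grantee] = (start, end)

    def revoke(self, permission, grantee=True):
        grants = self.get(permission, {})
        grants.pop(grantee, None)
        if not grants:
            # Drop the empty entry, as ungrant() does in the quoted code.
            self.pop(permission, None)

    def is_granted(self, permission, grantee=True, now=None):
        window = self.get(permission, {}).get(grantee)
        if window is None:
            return False  # no record: deny
        if now is None:
            now = datetime.now(timezone.utc)
        start, end = window
        # The check is self-contained: an expired or not-yet-valid grant is
        # denied here even if nothing ever removed it from storage.
        return (start is None or start <= now) and (end is None or now < end)


if __name__ == "__main__":
    perms = ScheduledPermissions()
    # Constructed sample: a one-month subscription window.
    perms.grant("subscriber", True,
                start=datetime(2005, 10, 1, tzinfo=timezone.utc),
                end=datetime(2005, 11, 1, tzinfo=timezone.utc))
    print(perms.is_granted("subscriber",
                           now=datetime(2005, 10, 7, tzinfo=timezone.utc)))
```

How the start and end values get set stays with the application, as the reply says; the stored window only makes the check independent of any cleanup job.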