Differences

This shows you the differences between two versions of the page.

--- new_permission_model [2007/04/26 19:23] – rearranged the ordering a bit. pizza
+++ new_permission_model [2007/04/26 19:45] (current) – rewrote the last part. pizza
@@ Line 157: / Line 157: @@
 The goal of this migration is to transform all existing permissions to the new model.
-== Set things up ==
+=== Set things up ===
-  * Create new tables. (see above)
+  - Create new tables. (see above)
+  - Create group 0, "Admin Users", and populate it with all admin users.
-  * Create group 0, "Admin Users", and populate it with all admin users.
+  - Create group 1, "Guests"
+  - Create group 2, "Registered Users".
-  INSERT INTO groups(identifier, owner_id, description)
-       VALUES (0, 0 , 'Administrators');
-  INSERT INTO group_memberships(group_id, user)
-       SELECT 0 as group_id, u.identifier as user
-         FROM users u, user_type t
-        WHERE u.type = t.identifier
-          AND t.value = 'Administrator';
-  * Create group 1, "Guest"
-  INSERT INTO groups(identifier, owner_id, description)
-       VALUES (1, 0, 'Guests');
-  * Create group 2, "Registered Users", and populate it.
-  INSERT INTO groups(identifier, owner_id, description)
-       VALUES (2, 2, 'Registered Users');
-  INSERT INTO group_memberships(group_id, user)
-       SELECT 2 as group_id, u.identifier as user
-         FROM users u;
-== The following list needs to be repeated for each user ==
+=== The following list needs to be repeated for each user ===
-  * Create a new group of the same name, make only that user a member.
+  - If user is admin, add user to "Admin Users" group as an owner.
-  $_user_id = ...
+  - Add user to "Registered Users" group.
-  $_grp_id = SELECT nextval(groups_sequence);
+  - Create a new "$user's private" group, add user to it as the owner.
+  - Create a new "$user's clients" group, add user to it as the owner.  Then add all of user's clients to it.
-  INSERT INTO groups(identifier, owner_id, description)
+  - Create a group for each individual client and add user to it as the owner, then add the client to it.
-       VALUES (_$grp_id, $_user_id ,'$_username's group');
-  INSERT INTO group_memberships(group, user)
-       VALUES ($_grp_id, $_user_id);
-  * Update ownerships to point to the new group:
-  UPDATE folder f
-     SET f.owner = $_grp_id
-   WHERE f.users = $_user_id;
-    UPDATE album a
-     SET a.owner = $_grp_id
-   WHERE a.users = $_user_id;
-    UPDATE photo p
-     SET p.owner = $_grp_id
-   WHERE p.users = $_user_id;
-  * Create a new group called "$_userid's clients", make all of their clients members.
-  INSERT INTO groups(identifier, description)
-       VALUES (SELECT nextval(groups_sequence),'$_userid's clients');
-  INSERT INTO group_memberships(group_id, user)
-       SELECT $_userid_clients_grpid as group_id, c.client
-         FROM clients c
-        WHERE c.users = $_userid;
-  * Create a group for each individual client and add owner and client to it.
 == For each folder ==
-  * Add row granting owner all rights, including defaults:
+  - Add row granting owner all rights to the folder.
+  - if access_rights is private, stop here.
-  INSERT INTO folder_permissions (folder, group_id, edit, caption, delete, list, modify)
+  - if access_rights is protected (ie clients-only) add a row granting read access to the client group.
-       VALUES ($_folderid, $_usergrp, 't', 't', 't', 't', 't');
+  - if access_rights is public (ie everyone) add a row granting read access to guest group.
-  * if access_rights is private, stop here.
-  * if access_rights is protected (ie clients-only)
-  INSERT INTO folder_permissions (folder, group_id, edit, caption, delete, list, modify)
-       VALUES ($_folderid, $_user_clients_grp, 'f', 'f', 'f', 't', 'f');
-  * if access_rights is public (ie everyone)
-  INSERT INTO folder_permissions (folder, group_id, edit, caption, delete, list, modify)
-       VALUES ($_folderid, $_guest_grp, 'f', 'f', 'f', 't', 'f');
 == For each album: ==
-  * Add row granting owner all rights, including defaults:
+  - Add row granting owner all rights to the folder.
+  - if access_rights is private or album_type is 'client', stop here.
-  INSERT INTO album_permissions (album, group_id, edit, caption, delete, list, modify)
+  - if access_rights is protected (ie clients-only) add a row granting read access to the client group.
-       VALUES ($_albumid, $_usergrp, 't', 't', 't', 't', 't');
+  - if access_rights is public (ie everyone) add a row granting read access to guest group.
-  * if access_rights is private, stop here.
-  * if access_rights is protected (ie clients-only)
-  INSERT INTO album_permissions (album, group_id, edit, caption, delete, list, modify)
-       VALUES ($_albumid, $_user_client_grp, 'f', 'f', 'f', 't', 'f');
-  * if access_rights is public (ie everyone)
-  INSERT INTO album_permissions (album, group_id, edit, caption, delete, list, modify)
-       VALUES ($_albumid, $_guest_grp, 'f', 'f', 'f', 't', 'f');
 == For each photo: ==
-  * Add row granting owner all rights.
+  - Add row granting owner all rights.
+  - if access_rights is protected (ie clients-only) add a row granting read access to the client group.
-  INSERT INTO photo_permissions (photo, group_id, view, details, original, edit, caption, delete)
+  - if access_rights is public (ie everyone) add a row granting read access to guest group.
-       VALUES ($_photoid, $_usergrp, 't', 't', 't', 't', 't', 't');
+  - If access_rights is private, stop here.
-  * If access_rights is private, stop here.
-  * If access_rights is protected (ie clients only):
-  INSERT INTO photo_permissions (photo, group_id, view, details, original, edit, caption, delete)
-       VALUES ($_photoid, $_user_client_grp, 't', 't', !$_hide_original, 'f', 'f', 'f');
-  * If access_rights is public (ie guest access):
-  INSERT INTO photo_permissions (photo, group_id, view, details, original, edit, caption, delete)
-       VALUES ($_photoid, $_guest_grp, 't', 'f', !$_hide_original, 'f', 'f', 'f');
-//Note2:  The //hide_original// problem [[pobug>8]] [[pobug>79]] makes this part difficult; existing behaivor says that "if hide_original is false, everyone who can view the preview can download the original." but the help text says "allow for authorized users" but there's no mechanism for saying who those users are.//
+//Note -- the 'hide_original' setting will be respected for these entries//
-== Finally ==
+=== Finally ===
-  - Drop all necessary columns from the database (see above)
+  - Drop all obseleted columns and tables from the database (see above)
-  - ???
-  - Profit
-==== Source Hax0r (in rough order) ====
+==== Roadmap ====
   - Schema finalization
   - Migration code for installer
-  - Write PL/pgsql permission lookup code
+  - Write PL/pgsql permission lookup code and any necessary triggers.
-  - Port account registration auto-create groups, etc)
+  - Define default permission sets for new users and new folders/albums/photos.  //In other words, each new photo etc gets permissions G1->X, G2->Y, G3->Z)//
-  - Port photo view/description pages
+  - Port account creation/registration (auto-create necessary groups, etc)
-  - Port folder/album/search/print/export/spool/etc (photo listing) pages
+  - Port admin pages (account status, etc)
+  - Port photo & version import pages
+  - Port photo view/description/edit pages
+  - Port folder/album/search/print/export/spool/etc (ie photo listing) pages
   - Port folder/album add/edit/delete pages (don't forget password-protection!)
-  - Port photo import/version/etc
   - Port bulk update
-  - Create Group UI elements
+  - Create Group management UI elements
-  - Create Permission UI elements (for photo add and bulk update too!)
+  - Create Permission management UI elements (for photo add and bulk update too!)
   - Port over equipment/profile pages.  (yuck)