User Tools

Site Tools


new_permission_model

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
new_permission_model [2007/04/26 19:22] – reworked a bit of the code. pizzanew_permission_model [2007/04/26 19:45] (current) – rewrote the last part. pizza
Line 103: Line 103:
 -- We also need Indices! -- We also need Indices!
 </code> </code>
- +==== Psuedocode ====
-==== Migration ==== +
- +
-The goal of this migration is to transform all existing permissions to the new model. +
- +
-== Set things up == +
- +
-  * Create new tables. (see above) +
- +
-  * Create group 0, "Admin Users", and populate it with all admin users. +
- +
-  INSERT INTO groups(identifier, owner_id, description)   +
-       VALUES (0, 0 , 'Administrators'); +
- +
-  INSERT INTO group_memberships(group_id, user) +
-       SELECT 0 as group_id, u.identifier as user +
-         FROM users u, user_type t +
-        WHERE u.type = t.identifier +
-          AND t.value = 'Administrator'; +
- +
-  * Create group 1, "Guest" +
- +
-  INSERT INTO groups(identifier, owner_id, description)   +
-       VALUES (1, 0, 'Guests'); +
- +
-  * Create group 2, "Registered Users", and populate it. +
- +
-  INSERT INTO groups(identifier, owner_id, description)   +
-       VALUES (2, 2, 'Registered Users'); +
- +
-  INSERT INTO group_memberships(group_id, user) +
-       SELECT 2 as group_id, u.identifier as user +
-         FROM users u; +
-   +
-== The following list needs to be repeated for each user == +
- +
-  * Create a new group of the same name, make only that user a member. +
-  $_user_id = ... +
-  $_grp_id = SELECT nextval(groups_sequence); +
-   +
-  INSERT INTO groups(identifier, owner_id, description)   +
-       VALUES (_$grp_id, $_user_id ,'$_username's group'); +
-  INSERT INTO group_memberships(group, user)  +
-       VALUES ($_grp_id, $_user_id); +
- +
-  * Update ownerships to point to the new group: +
- +
-  UPDATE folder f  +
-     SET f.owner = $_grp_id +
-   WHERE f.users = $_user_id; +
-         +
-    UPDATE album a +
-     SET a.owner = $_grp_id +
-   WHERE a.users = $_user_id; +
-   +
-    UPDATE photo p +
-     SET p.owner = $_grp_id +
-   WHERE p.users = $_user_id;   +
- +
-  * Create a new group called "$_userid's clients", make all of their clients members.   +
- +
-  INSERT INTO groups(identifier, description)   +
-       VALUES (SELECT nextval(groups_sequence),'$_userid's clients'); +
-  INSERT INTO group_memberships(group_id, user)   +
-       SELECT $_userid_clients_grpid as group_id, c.client +
-         FROM clients c +
-        WHERE c.users = $_userid; +
- +
-  * Create a group for each individual client and add owner and client to it. +
- +
-== For each folder ==  +
- +
-  * Add row granting owner all rights, including defaults: +
- +
-  INSERT INTO folder_permissions (folder, group_id, edit, caption, delete, list, modify) +
-       VALUES ($_folderid, $_usergrp, 't', 't', 't', 't', 't'); +
- +
-  * if access_rights is private, stop here. +
- +
-  * if access_rights is protected (ie clients-only) +
- +
-  INSERT INTO folder_permissions (folder, group_id, edit, caption, delete, list, modify) +
-       VALUES ($_folderid, $_user_clients_grp, 'f', 'f', 'f', 't', 'f');  +
- +
-  * if access_rights is public (ie everyone) +
- +
-  INSERT INTO folder_permissions (folder, group_id, edit, caption, delete, list, modify) +
-       VALUES ($_folderid, $_guest_grp, 'f', 'f', 'f', 't', 'f');  +
- +
-== For each album: == +
- +
-  * Add row granting owner all rights, including defaults: +
- +
-  INSERT INTO album_permissions (album, group_id, edit, caption, delete, list, modify) +
-       VALUES ($_albumid, $_usergrp, 't', 't', 't', 't', 't'); +
- +
-  * if access_rights is private, stop here. +
- +
-  * if access_rights is protected (ie clients-only) +
- +
-  INSERT INTO album_permissions (album, group_id, edit, caption, delete, list, modify) +
-       VALUES ($_albumid, $_user_client_grp, 'f', 'f', 'f', 't', 'f');  +
- +
-  * if access_rights is public (ie everyone) +
- +
-  INSERT INTO album_permissions (album, group_id, edit, caption, delete, list, modify) +
-       VALUES ($_albumid, $_guest_grp, 'f', 'f', 'f', 't', 'f');  +
- +
-== For each photo: == +
- +
-  * Add row granting owner all rights. +
- +
-  INSERT INTO photo_permissions (photo, group_id, view, details, original, edit, caption, delete) +
-       VALUES ($_photoid, $_usergrp, 't', 't', 't', 't', 't', 't'); +
- +
-  * If access_rights is private, stop here. +
- +
-  * If access_rights is protected (ie clients only): +
- +
-  INSERT INTO photo_permissions (photo, group_id, view, details, original, edit, caption, delete) +
-       VALUES ($_photoid, $_user_client_grp, 't', 't', !$_hide_original, 'f', 'f', 'f'); +
- +
-  * If access_rights is public (ie guest access): +
- +
-  INSERT INTO photo_permissions (photo, group_id, view, details, original, edit, caption, delete) +
-       VALUES ($_photoid, $_guest_grp, 't', 'f', !$_hide_original, 'f', 'f', 'f'); +
- +
-//Note2:  The //hide_original// problem [[pobug>8]] [[pobug>79]] makes this part difficult; existing behaivor says that "if hide_original is false, everyone who can view the preview can download the original." but the help text says "allow for authorized users" but there's no mechanism for saying who those users are.// +
- +
-== Finally == +
- +
-  - Drop all necessary columns from the database (see above) +
-  - ??? +
-  - Profit +
- +
-===== Psuedocode =====+
  
 This code is roughly what we need to do to see if an image/folder/album has the appropriate permissions.  Before it goes into production it'll need to be implemented on the database using pl/pgsql. This code is roughly what we need to do to see if an image/folder/album has the appropriate permissions.  Before it goes into production it'll need to be implemented on the database using pl/pgsql.
Line 288: Line 153:
   * All users (and guests) are implicitly members of the 'guests' group.   * All users (and guests) are implicitly members of the 'guests' group.
  
-==== Source Hax0r (in rough order) ====+==== Migration ==== 
 + 
 +The goal of this migration is to transform all existing permissions to the new model. 
 + 
 +=== Set things up === 
 + 
 +  - Create new tables. (see above) 
 +  - Create group 0, "Admin Users", and populate it with all admin users. 
 +  - Create group 1, "Guests" 
 +  - Create group 2, "Registered Users"
 +   
 +=== The following list needs to be repeated for each user === 
 + 
 +  - If user is admin, add user to "Admin Users" group as an owner. 
 +  - Add user to "Registered Users" group. 
 +  - Create a new "$user's private" group, add user to it as the owner. 
 +  - Create a new "$user's clients" group, add user to it as the owner.  Then add all of user's clients to it. 
 +  - Create a group for each individual client and add user to it as the owner, then add the client to it. 
 + 
 +== For each folder ==  
 + 
 +  - Add row granting owner all rights to the folder. 
 +  - if access_rights is private, stop here. 
 +  - if access_rights is protected (ie clients-only) add a row granting read access to the client group. 
 +  - if access_rights is public (ie everyone) add a row granting read access to guest group. 
 + 
 +== For each album: == 
 + 
 +  - Add row granting owner all rights to the folder. 
 +  - if access_rights is private or album_type is 'client', stop here. 
 +  - if access_rights is protected (ie clients-only) add a row granting read access to the client group. 
 +  - if access_rights is public (ie everyone) add a row granting read access to guest group. 
 + 
 +== For each photo: == 
 + 
 +  - Add row granting owner all rights. 
 +  - if access_rights is protected (ie clients-only) add a row granting read access to the client group. 
 +  - if access_rights is public (ie everyone) add a row granting read access to guest group. 
 +  - If access_rights is private, stop here. 
 + 
 +//Note -- the 'hide_original' setting will be respected for these entries// 
 + 
 +=== Finally === 
 + 
 +  - Drop all obseleted columns and tables from the database (see above) 
 +  
 + 
 +==== Roadmap ====
  
   - Schema finalization   - Schema finalization
   - Migration code for installer   - Migration code for installer
-  - Write PL/pgsql permission lookup code +  - Write PL/pgsql permission lookup code and any necessary triggers. 
-  - Port account registration auto-create groups, etc) +  - Define default permission sets for new users and new folders/albums/photos.  //In other words, each new photo etc gets permissions G1->X, G2->Y, G3->Z)// 
-  - Port photo view/description pages  +  - Port account creation/registration (auto-create necessary groups, etc) 
-  - Port folder/album/search/print/export/spool/etc (photo listing) pages+  - Port admin pages (account status, etc) 
 +  - Port photo & version import pages 
 +  - Port photo view/description/edit pages  
 +  - Port folder/album/search/print/export/spool/etc (ie photo listing) pages
   - Port folder/album add/edit/delete pages (don't forget password-protection!)   - Port folder/album add/edit/delete pages (don't forget password-protection!)
-  - Port photo import/version/etc 
   - Port bulk update   - Port bulk update
-  - Create Group UI elements +  - Create Group management UI elements 
-  - Create Permission UI elements (for photo add and bulk update too!)+  - Create Permission management UI elements (for photo add and bulk update too!)
   - Port over equipment/profile pages.  (yuck)   - Port over equipment/profile pages.  (yuck)
new_permission_model.1177615323.txt.gz · Last modified: 2007/04/26 19:22 by pizza