new_permission_model
Differences
This shows you the differences between two versions of the page.
new_permission_model [2007/04/26 19:22] – reworked a bit of the code. pizza | new_permission_model [2007/04/26 19:45] (current) – rewrote the last part. pizza | ||
---|---|---|---|
Line 103: | Line 103: | ||
-- We also need Indices! | -- We also need Indices! | ||
</ | </ | ||
- | + | ==== Psuedocode ==== | |
- | ==== Migration ==== | + | |
- | + | ||
- | The goal of this migration is to transform all existing permissions to the new model. | + | |
- | + | ||
- | == Set things up == | + | |
- | + | ||
- | * Create new tables. (see above) | + | |
- | + | ||
- | * Create group 0, "Admin Users", | + | |
- | + | ||
- | INSERT INTO groups(identifier, | + | |
- | | + | |
- | + | ||
- | INSERT INTO group_memberships(group_id, | + | |
- | | + | |
- | FROM users u, user_type t | + | |
- | WHERE u.type = t.identifier | + | |
- | AND t.value = ' | + | |
- | + | ||
- | * Create group 1, " | + | |
- | + | ||
- | INSERT INTO groups(identifier, | + | |
- | | + | |
- | + | ||
- | * Create group 2, " | + | |
- | + | ||
- | INSERT INTO groups(identifier, | + | |
- | | + | |
- | + | ||
- | INSERT INTO group_memberships(group_id, | + | |
- | | + | |
- | FROM users u; | + | |
- | + | ||
- | == The following list needs to be repeated for each user == | + | |
- | + | ||
- | * Create a new group of the same name, make only that user a member. | + | |
- | $_user_id = ... | + | |
- | $_grp_id = SELECT nextval(groups_sequence); | + | |
- | + | ||
- | INSERT INTO groups(identifier, | + | |
- | | + | |
- | INSERT INTO group_memberships(group, | + | |
- | | + | |
- | + | ||
- | * Update ownerships to point to the new group: | + | |
- | + | ||
- | UPDATE folder f | + | |
- | SET f.owner = $_grp_id | + | |
- | WHERE f.users = $_user_id; | + | |
- | + | ||
- | UPDATE album a | + | |
- | SET a.owner = $_grp_id | + | |
- | WHERE a.users = $_user_id; | + | |
- | + | ||
- | UPDATE photo p | + | |
- | SET p.owner = $_grp_id | + | |
- | WHERE p.users = $_user_id; | + | |
- | + | ||
- | * Create a new group called " | + | |
- | + | ||
- | INSERT INTO groups(identifier, | + | |
- | | + | |
- | INSERT INTO group_memberships(group_id, | + | |
- | | + | |
- | FROM clients c | + | |
- | WHERE c.users = $_userid; | + | |
- | + | ||
- | * Create a group for each individual client and add owner and client to it. | + | |
- | + | ||
- | == For each folder == | + | |
- | + | ||
- | * Add row granting owner all rights, including defaults: | + | |
- | + | ||
- | INSERT INTO folder_permissions (folder, group_id, edit, caption, delete, list, modify) | + | |
- | | + | |
- | + | ||
- | * if access_rights is private, stop here. | + | |
- | + | ||
- | * if access_rights is protected (ie clients-only) | + | |
- | + | ||
- | INSERT INTO folder_permissions (folder, group_id, edit, caption, delete, list, modify) | + | |
- | | + | |
- | + | ||
- | * if access_rights is public (ie everyone) | + | |
- | + | ||
- | INSERT INTO folder_permissions (folder, group_id, edit, caption, delete, list, modify) | + | |
- | | + | |
- | + | ||
- | == For each album: == | + | |
- | + | ||
- | * Add row granting owner all rights, including defaults: | + | |
- | + | ||
- | INSERT INTO album_permissions (album, group_id, edit, caption, delete, list, modify) | + | |
- | | + | |
- | + | ||
- | * if access_rights is private, stop here. | + | |
- | + | ||
- | * if access_rights is protected (ie clients-only) | + | |
- | + | ||
- | INSERT INTO album_permissions (album, group_id, edit, caption, delete, list, modify) | + | |
- | | + | |
- | + | ||
- | * if access_rights is public (ie everyone) | + | |
- | + | ||
- | INSERT INTO album_permissions (album, group_id, edit, caption, delete, list, modify) | + | |
- | | + | |
- | + | ||
- | == For each photo: == | + | |
- | + | ||
- | * Add row granting owner all rights. | + | |
- | + | ||
- | INSERT INTO photo_permissions (photo, group_id, view, details, original, edit, caption, delete) | + | |
- | | + | |
- | + | ||
- | * If access_rights is private, stop here. | + | |
- | + | ||
- | * If access_rights is protected (ie clients only): | + | |
- | + | ||
- | INSERT INTO photo_permissions (photo, group_id, view, details, original, edit, caption, delete) | + | |
- | | + | |
- | + | ||
- | * If access_rights is public (ie guest access): | + | |
- | + | ||
- | INSERT INTO photo_permissions (photo, group_id, view, details, original, edit, caption, delete) | + | |
- | | + | |
- | + | ||
- | // | + | |
- | + | ||
- | == Finally == | + | |
- | + | ||
- | - Drop all necessary columns from the database (see above) | + | |
- | - ??? | + | |
- | - Profit | + | |
- | + | ||
- | ===== Psuedocode | + | |
This code is roughly what we need to do to see if an image/ | This code is roughly what we need to do to see if an image/ | ||
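Review bot: the removed per-user SQL is inconsistent in two places, which matters if these statements are carried into the installer's migration code: one insert targets `group_memberships(group,` while the others use `group_memberships(group_id,`, and the clients query filters on `$_userid` although the variable is set as `$_user_id`. Reconcile both before reuse. The added heading `==== Psuedocode ====` is also misspelled; it should read "Pseudocode".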
Line 288: | Line 153: | ||
* All users (and guests) are implicitly members of the ' | * All users (and guests) are implicitly members of the ' | ||
- | ==== Source Hax0r (in rough order) ==== | + | ==== Migration ==== |
+ | |||
+ | The goal of this migration is to transform all existing permissions to the new model. | ||
+ | |||
+ | === Set things up === | ||
+ | |||
+ | - Create new tables. | ||
+ | - Create group 0, "Admin Users", | ||
+ | - Create group 1, " | ||
+ | - Create group 2, " | ||
+ | |||
+ | === The following list needs to be repeated for each user === | ||
+ | |||
+ | - If user is admin, add user to "Admin Users" group as an owner. | ||
+ | - Add user to " | ||
+ | - Create a new " | ||
+ | - Create a new " | ||
+ | - Create a group for each individual client and add user to it as the owner, then add the client to it. | ||
+ | |||
+ | == For each folder == | ||
+ | |||
+ | - Add row granting owner all rights to the folder. | ||
+ | - if access_rights is private, stop here. | ||
+ | - if access_rights is protected (ie clients-only) add a row granting read access to the client group. | ||
+ | - if access_rights is public (ie everyone) add a row granting read access to guest group. | ||
+ | |||
+ | == For each album: == | ||
+ | |||
+ | - Add row granting owner all rights to the folder. | ||
+ | - if access_rights is private or album_type is ' | ||
+ | - if access_rights is protected (ie clients-only) add a row granting read access to the client group. | ||
+ | - if access_rights is public (ie everyone) add a row granting read access to guest group. | ||
+ | |||
+ | == For each photo: == | ||
+ | |||
+ | - Add row granting owner all rights. | ||
+ | - if access_rights is protected (ie clients-only) add a row granting read access to the client group. | ||
+ | - if access_rights is public (ie everyone) add a row granting read access to guest group. | ||
+ | - If access_rights is private, stop here. | ||
+ | |||
+ | //Note -- the ' | ||
+ | |||
+ | === Finally === | ||
+ | |||
+ | - Drop all obseleted columns and tables from the database (see above) | ||
+ | |||
+ | |||
+ | ==== Roadmap | ||
- Schema finalization | - Schema finalization | ||
- Migration code for installer | - Migration code for installer | ||
- | - Write PL/pgsql permission lookup code | + | - Write PL/pgsql permission lookup code and any necessary triggers. |
- | - Port account registration auto-create groups, etc) | + | - Define default permission sets for new users and new folders/ |
- | - Port photo view/ | + | - Port account |
- | - Port folder/ | + | - Port admin pages (account status, etc) |
+ | - Port photo & version import pages | ||
+ | - Port photo view/ | ||
+ | - Port folder/ | ||
- Port folder/ | - Port folder/ | ||
- | - Port photo import/ | ||
- Port bulk update | - Port bulk update | ||
- | - Create Group UI elements | + | - Create Group management |
- | - Create Permission UI elements (for photo add and bulk update too!) | + | - Create Permission |
- Port over equipment/ | - Port over equipment/ |
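Review bot: in the "For each photo" list the step "If access_rights is private, stop here." comes last, after the protected and public steps, whereas the folder and album lists place it second; move it up so the early exit is checked before any grant and the three lists read the same. The first step of the album list says "all rights to the folder" and should say "album", and "obseleted" should be "obsolete". The steps do not say what happens when access_rights holds a value other than private, protected or public, and "read access" is not tied to specific permission columns (the removed SQL listed view, details and original for photos); stating a default of no grant and naming the columns would make the migration unambiguous.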
new_permission_model.1177615323.txt.gz · Last modified: 2007/04/26 19:22 by pizza