Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

comment on
( [id://3333]=superdoc: print w/replies, xml ) Need Help??

Ive revamped Nodelet Settings to use nodelet permissions In a sense this can be seen as a prototype of what I want to do with the approval system.

My proposal is this: We add a column to the nodegroup table to store either a flag or nodetype of the node mentioned. This flag/nodetype tells us if the entry is a user/group/evalable rule. The user/group scenario would be unchanged. The evalable rule would be evalled and then its return would determine what would happen. I propose that if it returns 0 it is a deny access rule and says the user is explicity NOT approved despite any further rules or group memberships. If it returns 1 it implies the user is explicitly approved and not to bother searching the rest of the list. If it returns undef it implies that the rule doesnt apply at all and to continue applying further rules or checking further membership.

The paralel here is that the "apply_order" is much like a group list, (forget about the fact that we are dealing with lists of things you can see based on membership, pretend the results are just 1/undef). The entries in the setting that start with \s*{ are code rules that are evalled, the other entries just return a list.

The advantages of using a flag are that we can have different types of "evalable" rule and still have a petty efficient system, the advantage of type is that it could be used with the PM inheritance system to say that anything inheriting from a particular nodetype has rule like behaviour. I could go either way.

The reason the flag/nodetype is necessary IMO is because we dont want to do a nodefetch on every node in the usergroup table to find out its type. I dont see much reason in forcing the caching of the full node of all the users in the various groups. Maybe im missing something and this cost is acceptable. It certainly would make the endeavour a lot easier to do as it wouldnt requiring changing the table structure or any of the code that interacts with the table (of which there is a fair amount.)

Please feed me criticism on any of this. Cheers.


---
demerphq

    First they ignore you, then they laugh at you, then they fight you, then you win.
    -- Gandhi

    Flux8


In reply to Nodelet Settings and Proposed future changes to Approval System by demerphq

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":


  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others meditating upon the Monastery: (5)
As of 2024-04-19 12:37 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found