I've revamped Nodelet Settings to use nodelet permissions. In a sense this can be seen as a prototype of what I want to do with the approval system.

My proposal is this: We add a column to the nodegroup table to store either a flag or nodetype of the node mentioned. This flag/nodetype tells us if the entry is a user/group/evalable rule. The user/group scenario would be unchanged. The evalable rule would be evalled and then its return would determine what would happen. I propose that if it returns 0 it is a deny access rule and says the user is explicitly NOT approved despite any further rules or group memberships. If it returns 1 it implies the user is explicitly approved and not to bother searching the rest of the list. If it returns undef it implies that the rule doesn't apply at all and to continue applying further rules or checking further membership.

The parallel here is that the "apply_order" is much like a group list (forget about the fact that we are dealing with lists of things you can see based on membership, pretend the results are just 1/undef). The entries in the setting that start with \s*{ are code rules that are evalled, the other entries just return a list.

The advantages of using a flag are that we can have different types of "evalable" rule and still have a pretty efficient system; the advantage of type is that it could be used with the PM inheritance system to say that anything inheriting from a particular nodetype has rule-like behaviour. I could go either way.

The reason the flag/nodetype is necessary IMO is because we don't want to do a nodefetch on every node in the usergroup table to find out its type. I don't see much reason in forcing the caching of the full node of all the users in the various groups. Maybe I'm missing something and this cost is acceptable. It certainly would make the endeavour a lot easier to do as it wouldn't require changing the table structure or any of the code that interacts with the table (of which there is a fair amount).

Please feed me criticism on any of this. Cheers.


---
demerphq

    First they ignore you, then they laugh at you, then they fight you, then you win.
    -- Gandhi

    Flux8
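
The three-valued evaluation proposed in the post above, as an added example that is not part of the original post or the PerlMonks code base. The table layout, rule names and users are hypothetical; rules are code refs rather than evalled strings, and treating a dying rule, an unknown flag or an unexpected return value as non-granting is an assumption the post does not spell out.

```perl
use strict;
use warnings;
# Constructed sample data: each group is an ordered list of [kind, value] rows.
# 'kind' stands in for the proposed flag column; all names are hypothetical.
my %RULES = (
    not_banned => sub { $_[0]{banned} ? 0 : undef },        # deny or abstain
    level_5    => sub { $_[0]{level} >= 5 ? 1 : undef },    # approve or abstain
);
my %NODEGROUP = (
    approvers => [ [ rule => 'not_banned' ], [ group => 'editors' ], [ rule => 'level_5' ] ],
    editors   => [ [ user => 'alice' ], [ user => 'mallory' ], [ group => 'approvers' ] ],
);

# Returns 1 (explicit approve), 0 (explicit deny) or undef (nothing applied).
sub check_group {
    my ( $group, $user, $seen ) = @_;
    $seen ||= {};
    return undef if $seen->{$group}++;    # a group nested in itself abstains
    for my $row ( @{ $NODEGROUP{$group} || [] } ) {
        my ( $kind, $value ) = @$row;
        my $verdict =
            $kind eq 'user'  ? ( $value eq $user->{name} ? 1 : undef )
          : $kind eq 'group' ? check_group( $value, $user, $seen )
          : $kind eq 'rule'  ? run_rule( $value, $user )
          :                    undef;     # unknown flag never grants access
        return $verdict if defined $verdict;    # first defined answer wins
    }
    return undef;
}

# Assumption: a missing or dying rule, or a value other than 0/1/undef, denies.
sub run_rule {
    my ( $name, $user ) = @_;
    my $code = $RULES{$name} or return 0;
    my $r = eval { $code->($user) };
    return 0 if $@;
    return undef unless defined $r;
    return $r eq '1' ? 1 : 0;
}

# Callers fail closed: undef at the top level means "not approved".
sub is_approved { check_group(@_) ? 1 : 0 }

for my $u ( [ alice => 1, 0 ], [ mallory => 9, 1 ], [ bob => 7, 0 ], [ carol => 2, 0 ] ) {
    my %user;
    @user{qw(name level banned)} = @$u;
    printf "%-8s %s\n", $user{name}, is_approved( approvers => \%user ) ? 'approved' : 'denied';
}
```

Because the deny rule sits first in the list, mallory is refused even though she is listed in the nested group; moving it below the group entry would let the membership match win, so entry order is part of the policy.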



In reply to Nodelet Settings and Proposed future changes to Approval System by demerphq
