Re: Adding a 'rule' system to isApproved() (fewer tables)

Replies are listed 'Best First'.
Re^2: Adding a 'rule' system to isApproved() (fewer tables) by demerphq (Chancellor) on Aug 21, 2005 at 18:45 UTC
references to CB conversation Modified patch. After this is applied we can create an accesrule nodetype as a subtype of htmlcode. No table, same results. :-) --- NodeBase.pm.orig 2005-08-21 11:22:05.250000000 +0200 +++ NodeBase.pm 2005-08-21 20:37:07.000000000 +0200 @@ -2031,9 +2031,18 @@ #you're always approved if it's yourself... - foreach my $approveduser (@{ $this->selectNodegroupFlat($NODE) }) + foreach my $node (@{ $this->selectNodegroupFlat($NODE) }) { - return 1 if ($user_id == $this->getId($approveduser)); + return 1 if ($user_id == $this->getId($node)); + if ( $node->{type}{title}=~/accessrule$/i ) { + my $res=eval $node->{code}; + if ($@) { + #logit danno + Everything::printLog("Access Rule eval error in $node +->{node_id}\n$@\n$node->{code}"); + # return 0; # should this happen? + } + return $res if defined $res; + } } return 0; [download] --- $world=~s/war/peace/g	[reply] [d/l]
Re^2: Adding a 'rule' system to isApproved() (fewer tables) by demerphq (Chancellor) on Aug 22, 2005 at 08:32 UTC
Heres an untested larger patch that hopefully would resolve some of the problems discovered this morning: --- NodeBase.pm.orig 2005-08-22 10:22:14.468750000 +0200 +++ NodeBase.pm 2005-08-22 10:28:10.046875000 +0200 @@ -1963,9 +1963,10 @@ my( $this, $USER, $TYPE )= @_; $TYPE = $this->getType( $TYPE ); + my $writers=$TYPE->{writers_user}; # The default is that everyone can create - return 1 if ! $TYPE->{writers_user}; - $this->isApproved( $USER, $TYPE->{writers_user} ); + return 1 if ! $writers; + $this->isApproved( $USER, $writers, $TYPE ); } @@ -1974,14 +1975,15 @@ my( $this, $USER, $NODE )= @_; $this->getRef($NODE); + my $deleters=$NODE->{type}{deleters_user}; # The default is that nobody can delete - return 0 if ! $NODE \|\| ! $NODE->{type}{deleters_user}; + return 0 if ! $NODE \|\| ! $deleters; # -2 means "owner" can delete (anonymous?) - return $this->isApproved( $USER, $NODE->{author_user} ) - if -2 == $NODE->{type}{deleters_user}; + return $this->isApproved( $USER, $NODE->{author_user}, $NODE ) + if -2 == $deleters; - return $this->isApproved( $USER, $NODE->{type}{deleters_user} ); + return $this->isApproved( $USER, $deleters, $NODE ); } @@ -2001,7 +2003,7 @@ $updaters = $NODE->{author_user}; } - return $this->isApproved( $USER, $updaters ); + return $this->isApproved( $USER, $updaters, $NODE ); } @@ -2013,14 +2015,16 @@ return 0 if ! $NODE; + my $readers=$NODE->{type}{readers_user}; + # the default is that everyone can read - return 1 if ! $NODE->{type}{readers_user}; + return 1 if !$readers; # -2 means only "owner" can read - return $this->isApproved( $USER, $NODE->{author_user} ) - if -2 == $NODE->{type}{deleters_user}; + return $this->isApproved( $USER, $NODE->{author_user}, $NODE ) + if -2 == $readers; - return $this->isApproved( $USER, $$NODE{type}{readers_user} ); + return $this->isApproved( $USER, $readers, $NODE ); } @@ -2032,25 +2036,28 @@ # Checks to see if the given user is approved within a given gr +oup # # Parameters -# $user - reference to a user node hash (-1 if super user) -# $NODE - reference to a nodegroup that the user might be in +# $USER - reference to a user node hash (-1 if super user) +# $GROUP - reference to a nodegroup that the user might be in +# $NODE - optional reference to the item being tested against. +# its prescence allows rules to be applied against the +# the item. # # Returns # true if the user is authorized, false otherwise # sub isApproved { - my( $this, $USER, $NODE )= @_; + my( $this, $USER, $GROUP, $NODE )= @_; - return 0 if ! $USER \|\| ! $NODE; + return 0 if ! $USER \|\| ! $GROUP; return 1 if $this->isGod($USER); my $user_id = $this->getId($USER); #you're always approved if it's yourself... - return 1 if $user_id == $this->getId($NODE); + return 1 if $user_id == $this->getId($GROUP); - foreach my $node ( @{ $this->selectNodegroupFlat($NODE) } ) { + foreach my $node ( @{ $this->selectNodegroupFlat($GROUP) } ) { return 1 if $user_id == $this->getId($node); if( $node->{type}{title} =~ /accessrule$/i ) { my $res= eval $node->{code}; [download] Note, this is just a starting point for discussion. I can already see a couple of little things that could be tweaked. --- $world=~s/war/peace/g	[reply] [d/l]
Re^3: Adding a 'rule' system to isApproved() (fewer tables) by demerphq (Chancellor) on Aug 22, 2005 at 19:32 UTC
This is applied on the pmdev server. --- NodeBase.pm 2005-08-22 21:27:35.000000000 +0200 +++ NodeBase.pm.mod 2005-08-22 19:34:53.984375000 +0200 @@ -1963,9 +1963,10 @@ my( $this, $USER, $TYPE )= @_; $TYPE = $this->getType( $TYPE ); + my $writers= $TYPE->{writers_user}; # The default is that everyone can create - return 1 if ! $TYPE->{writers_user}; - $this->isApproved( $USER, $TYPE->{writers_user} ); + return 1 if ! $writers; + return $this->isApproved( $USER, $writers, $TYPE ); } @@ -1974,14 +1975,15 @@ my( $this, $USER, $NODE )= @_; $this->getRef($NODE); + my $deleters= $NODE->{type}{deleters_user}; # The default is that nobody can delete - return 0 if ! $NODE \|\| ! $NODE->{type}{deleters_user}; + return 0 if ! $NODE \|\| ! $deleters; # -2 means "owner" can delete (anonymous?) - return $this->isApproved( $USER, $NODE->{author_user} ) - if -2 == $NODE->{type}{deleters_user}; + return $this->isApproved( $USER, $NODE->{author_user}, $NODE ) + if -2 == $deleters; - return $this->isApproved( $USER, $NODE->{type}{deleters_user} ); + return $this->isApproved( $USER, $deleters, $NODE ); } @@ -2001,7 +2003,7 @@ $updaters = $NODE->{author_user}; } - return $this->isApproved( $USER, $updaters ); + return $this->isApproved( $USER, $updaters, $NODE ); } @@ -2013,14 +2015,16 @@ return 0 if ! $NODE; + my $readers= $NODE->{type}{readers_user}; + # the default is that everyone can read - return 1 if ! $NODE->{type}{readers_user}; + return 1 if !$readers; # -2 means only "owner" can read - return $this->isApproved( $USER, $NODE->{author_user} ) - if -2 == $NODE->{type}{readers_user}; + return $this->isApproved( $USER, $NODE->{author_user}, $NODE ) + if -2 == $readers; - return $this->isApproved( $USER, $$NODE{type}{readers_user} ); + return $this->isApproved( $USER, $readers, $NODE ); } @@ -2032,25 +2036,28 @@ # Checks to see if the given user is approved within a given gr +oup # # Parameters -# $user - reference to a user node hash (-1 if super user) -# $NODE - reference to a nodegroup that the user might be in +# $USER - reference to a user node hash (-1 if super user) +# $GROUP - reference to a nodegroup that the user might be in +# $NODE - optional reference to the item being tested against. +# its prescence allows rules to be applied against the +# the item. # # Returns # true if the user is authorized, false otherwise # sub isApproved { - my( $this, $USER, $NODE )= @_; + my( $this, $USER, $GROUP, $NODE )= @_; - return 0 if ! $USER \|\| ! $NODE; + return 0 if ! $USER \|\| ! $GROUP; return 1 if $this->isGod($USER); my $user_id = $this->getId($USER); #you're always approved if it's yourself... - return 1 if $user_id == $this->getId($NODE); + return 1 if $user_id == $this->getId($GROUP); - foreach my $node ( @{ $this->selectNodegroupFlat($NODE) } ) { + foreach my $node ( @{ $this->selectNodegroupFlat($GROUP) } ) { return 1 if $user_id == $this->getId($node); if( $node->{type}{title} =~ /accessrule$/i ) { my $res= eval $node->{code}; [download] --- $world=~s/war/peace/g	[reply] [d/l]
Re^3: Adding a 'rule' system to isApproved() (fewer tables) by ysth (Canon) on Aug 22, 2005 at 23:23 UTC
Thanks for working on this. Could you use diff -up, please?	[reply]
Re^4: Adding a 'rule' system to isApproved() (fewer tables) by demerphq (Chancellor) on Aug 23, 2005 at 07:27 UTC
Maybe you mean `diff -uFsub` ? Diff -up seems to be 'c' code specific. --- NodeBase.pm 2005-08-23 09:21:59.796875000 +0200 +++ NodeBase.pm.mod 2005-08-22 19:34:53.984375000 +0200 @@ -1963,9 +1963,10 @@ sub canCreateNode { my( $this, $USER, $TYPE )= @_; $TYPE = $this->getType( $TYPE ); + my $writers= $TYPE->{writers_user}; # The default is that everyone can create - return 1 if ! $TYPE->{writers_user}; - $this->isApproved( $USER, $TYPE->{writers_user} ); + return 1 if ! $writers; + return $this->isApproved( $USER, $writers, $TYPE ); } @@ -1974,14 +1975,15 @@ sub canDeleteNode { my( $this, $USER, $NODE )= @_; $this->getRef($NODE); + my $deleters= $NODE->{type}{deleters_user}; # The default is that nobody can delete - return 0 if ! $NODE \|\| ! $NODE->{type}{deleters_user}; + return 0 if ! $NODE \|\| ! $deleters; # -2 means "owner" can delete (anonymous?) - return $this->isApproved( $USER, $NODE->{author_user} ) - if -2 == $NODE->{type}{deleters_user}; + return $this->isApproved( $USER, $NODE->{author_user}, $NODE ) + if -2 == $deleters; - return $this->isApproved( $USER, $NODE->{type}{deleters_user} ); + return $this->isApproved( $USER, $deleters, $NODE ); } @@ -2001,7 +2003,7 @@ sub canUpdateNode { $updaters = $NODE->{author_user}; } - return $this->isApproved( $USER, $updaters ); + return $this->isApproved( $USER, $updaters, $NODE ); } @@ -2013,14 +2015,16 @@ sub canReadNode { return 0 if ! $NODE; + my $readers= $NODE->{type}{readers_user}; + # the default is that everyone can read - return 1 if ! $NODE->{type}{readers_user}; + return 1 if !$readers; # -2 means only "owner" can read - return $this->isApproved( $USER, $NODE->{author_user} ) - if -2 == $NODE->{type}{readers_user}; + return $this->isApproved( $USER, $NODE->{author_user}, $NODE ) + if -2 == $readers; - return $this->isApproved( $USER, $$NODE{type}{readers_user} ); + return $this->isApproved( $USER, $readers, $NODE ); } @@ -2032,25 +2036,28 @@ sub canReadNode { # Checks to see if the given user is approved within a given gr +oup # # Parameters -# $user - reference to a user node hash (-1 if super user) -# $NODE - reference to a nodegroup that the user might be in +# $USER - reference to a user node hash (-1 if super user) +# $GROUP - reference to a nodegroup that the user might be in +# $NODE - optional reference to the item being tested against. +# its prescence allows rules to be applied against the +# the item. # # Returns # true if the user is authorized, false otherwise # sub isApproved { - my( $this, $USER, $NODE )= @_; + my( $this, $USER, $GROUP, $NODE )= @_; - return 0 if ! $USER \|\| ! $NODE; + return 0 if ! $USER \|\| ! $GROUP; return 1 if $this->isGod($USER); my $user_id = $this->getId($USER); #you're always approved if it's yourself... - return 1 if $user_id == $this->getId($NODE); + return 1 if $user_id == $this->getId($GROUP); - foreach my $node ( @{ $this->selectNodegroupFlat($NODE) } ) { + foreach my $node ( @{ $this->selectNodegroupFlat($GROUP) } ) { return 1 if $user_id == $this->getId($node); if( $node->{type}{title} =~ /accessrule$/i ) { my $res= eval $node->{code}; [download] --- $world=~s/war/peace/g	[reply] [d/l] [select]
Re^5: Adding a 'rule' system to isApproved() (fewer tables) by tye (Sage) on Aug 23, 2005 at 15:19 UTC
Re^6: Adding a 'rule' system to isApproved() (fewer tables) by demerphq (Chancellor) on Aug 23, 2005 at 22:47 UTC