question: A way to implement roles in ziggurat_foundations
Closed this issue · 9 comments
Hi Ergo,
In my app, i'll have a lot of permissions which i want to group by roles.
My first thought on howto implement that was by adding a property "is_role" to "Groups" and use that,
what do you think about that?
AND is is_role something you wanna see in ziggurat_foundations or not?
Thanks,
René
Another cleaner way would be to add a it by its own class Role.
What would the difference between a Group and Role would be?
First, thanks for your fast reaction!
I see a group as a "Group of Users where a group can have Permissions".
And a role as a "Group of Permissions which can be assigned to users and groups".
I would not be opposed to have a Role class but I fear that it could become very complex (and be a performance hit, some queries are already quite complex) when you take resource permissions (all all permutations between permissions,users,groups,resources and resourceless) into account.
How would you implement that?
Hmm i thought about implementing roles only for Users and Groups - not resources.
I would ofc. have to modify UserService and GroupService to return role permissions too.
Ok, so this concept would be similar to inheritable group permissions (groups inheriting groups).
Do you think you could implement it with single query like current solution without issues?
Let's say you would implement is_role, how would your implementation look like in pseudocode?
Do you have IRC (freenode, i'm also pcdummy there) or gitter? Can we talk there?
Sure, there is a gitter badge in the readme, and I normally sit on #pyramid on freenode.
Closing this after the discussion on gitter. Feel free to reopen if necessary.