449132 - Move rights to database

Status: RESOLVED FIXED

(Webtools Graveyard :: Verbatim, defect)

Description

[Dan Schafer [:dschafer]]

Currently, rights are stored in a flat file; we should move them to a database.  Rights are done on a language / project / user basis, so this move should not be too tricky; a boolean column for each right seems like the most logical approach.

Note that attachment 330595 [details] [diff] [review] introduced some odd behavior in function
getuserswithrights in projects.py to work around the standard "dots in .prefs
file" issue, and that this code should be removed when this bug is fixed.

This was split from bug 446441

Comment 2

[Dan Schafer [:dschafer]]

Attachment: Patch v 0.1

This is the progress I have made so far on moving rights into a database; it seems to work in most use cases, but there are still some major flaws.

Performance is a huge issue with this patch; the main page uses an absurd number of SELECT queries on the rights table to determine what rows to show, for example.  Additionally, the default and nobody rights are not created until first page load that needs them.

Finally, there is some weirdness involving site-admins getting their own rows in rights to ensure they have admin rights when ordinarily they wouldn't; this is a fairly minor issue right now, though.

Comment 3

[Israel Saeta Pérez]

I suggest looking at how other frameworks handle permissions for ideas. For example, Django:

http://www.djangoproject.com/documentation/authentication/#permissions

http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/models.py#L60

althought Django hasn't per-instance permission control :-(
"""
it's not currently possible to say "Mary may change news stories, but only the ones she created herself"
"""

Comment 4

[Fred Wenzel [:wenzel]]

Hey Dwayne, the rights are in the DB, aren't they?

Comment 5

[Dwayne Bailey]

@wenzel: Always assume I don't know anything and Alaa and Friedel know everything :)

Comment 6

[Fred Wenzel [:wenzel]]

They are.