[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
Re: UU Database
Alexey Parshin wrote:
> Role is a maximum allowed access level.
Well, like I said - there is no maximum access level as such. I.E. I
don't see
any reason to have a user that can do editing of _any_ object. Although
I do see a value in some object allowing some sort of access to any user.
example: there can be subscriber-only course, which allows "study" access
to set of users, and there can be public course, that allows "study" access
to everyone.
> If we have a teacher, he may be also a student, but he is still not admin.
What is "admin"?
> For the large mass of users, they would be just students. For the
> particular course, we can also determine a role for anybody. So, if
> the role allows - the person may make changes, for instance.
What do you mean? Assign role per-course?
> I'm pretty, that most changes would require to open screen for editing
> an object. In this case - user gets his role from authorization
> routine. BTW, authorization should be done as a stored proc, also. We
> gotta keep user information (name,pass,courses/roles) in the database,
> anyway, and probably in some encripted format.
Of course - basically, every page, before being displayed will have to
call authorization routine,
which will get user's permissions for this particular action for this
particular object.
> In my understanding, passing the username, pass, and a project should
> return a role name, or an error if something isn't right.
>
--
Ilya A. Volynets-Evenbakh
Total Knowledge. CTO
http://www.total-knowledge.com