Re: UU Database

["Ilya A. Volynets-Evenbakh" <ilya@total-knowledge.com>]

Alexey Parshin wrote:

> Role is a maximum allowed access level.

Well, like I said - there is no maximum access level as such. I.E. I
don't see
any reason to have a user that can do editing of _any_ object. Although
I do see a value in some object allowing some sort of access to any user.
example: there can be subscriber-only course, which allows "study" access
to set of users, and there can be public course, that allows "study" access
to everyone.

> If we have a teacher, he may be also a student, but he is still not admin.

What is "admin"?

> For the large mass of users, they would be just students. For the
> particular course, we can also determine a role for anybody. So, if
> the role allows - the person may make changes, for instance.

What do you mean? Assign role per-course?

> I'm pretty, that most changes would require to open screen for editing
> an object. In this case - user gets his role from authorization
> routine. BTW, authorization should be done as a stored proc, also. We
> gotta keep user information (name,pass,courses/roles) in the database,
> anyway, and probably in some encripted format.

Of course - basically, every page, before being displayed will have to
call authorization routine,
which will get user's permissions for this particular action for this
particular object.

> In my understanding, passing the username, pass, and a project should
> return a role name, or an error if something isn't right.
>

-- 
Ilya A. Volynets-Evenbakh
Total Knowledge. CTO
http://www.total-knowledge.com