jochumdev
commented
6 years ago Another cleaner way would be to add a it by its own class Role.
Closed jochumdev closed 6 years ago
jochumdev
commented
6 years ago Another cleaner way would be to add a it by its own class Role.
ergo
commented
6 years ago What would the difference between a Group and Role would be?
jochumdev
commented
6 years ago First, thanks for your fast reaction!
I see a group as a "Group of Users where a group can have Permissions". And a role as a "Group of Permissions which can be assigned to users and groups".
ergo
commented
6 years ago I would not be opposed to have a Role class but I fear that it could become very complex (and be a performance hit, some queries are already quite complex) when you take resource permissions (all all permutations between permissions,users,groups,resources and resourceless) into account. How would you implement that?
jochumdev
commented
6 years ago Hmm i thought about implementing roles only for Users and Groups - not resources.
I would ofc. have to modify UserService and GroupService to return role permissions too.
ergo
commented
6 years ago Ok, so this concept would be similar to inheritable group permissions (groups inheriting groups). Do you think you could implement it with single query like current solution without issues?
Let's say you would implement is_role, how would your implementation look like in pseudocode?
jochumdev
commented
6 years ago Do you have IRC (freenode, i'm also pcdummy there) or gitter? Can we talk there?
ergo
commented
6 years ago Sure, there is a gitter badge in the readme, and I normally sit on #pyramid on freenode.
ergo
commented
6 years ago Closing this after the discussion on gitter. Feel free to reopen if necessary.
Hi Ergo,
In my app, i'll have a lot of permissions which i want to group by roles.
My first thought on howto implement that was by adding a property "is_role" to "Groups" and use that, what do you think about that?
AND is is_role something you wanna see in ziggurat_foundations or not?
Thanks, René