Best practice for developing a permission system

I am currently developing a small Python site using Pyramid.
But I do not know how to create a permission system.
The system must be very flexible: I need to establish connections between many different tables.
Instead of writing one permission table for each option, I decided to create only one table - I call it PermissionCollection:

PermissionCollection:

  • permissionCollectionId - PrimaryKey
  • onType = ENUM ("USER", "TEACHER", "GROUP", "COURSE" ...)
  • onId = Integer

and permissions table:

  • permissionId - PrimaryKey
  • key
  • value
  • permissionCollectionId - ForeignKey

PermissionCollections , , , , ... , PermissionCollection .

- , . - . , ACL Pyramid , ?

+5
1

, , . ACL.

, ... ACL

(object_id, allow/deny, who? (group, userid), , )

  • object_id -
  • allow/deny - , ACE...
  • ? , , , , , system.everyone is all
  • - view_config
  • - , .

__acl__ = [
    (Deny, Everyone, 'view'),
    (Allow, 'group:admin', 'view')
]

... -, , ,

__acl__ = [
    (Allow, 'group:admin', 'view'),
    (Deny, Everyone, 'view')
]

, - . ACE.

. . acl, . , , ... acl .

myobject.__acl__ = load_acls(myobject) 

. acls.

, ,

root
  \--pages with acl
      +---- page1  without acl
      \---- page2  with acl

1, acl, , , acl, , , root. , , . , , . , .

, , , , .

?

acl , . acl .

acl acl, - . , .

http://pyramid.readthedocs.org/en/1.3-branch/tutorials/wiki/authorization.html

+4
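
An added example, not part of the original answer or of Pyramid's own code: a simplified, dependency-free model of ACL evaluation where the first matching ACE decides and objects without an ACL inherit through `__parent__`, using the two ACE orderings and the page tree shown above. `ACE_ROWS`, `Resource`, `check_acl` and `permits` are hypothetical names, the body of `load_acls` is an assumption, and the local `Allow`/`Deny`/`Everyone` constants stand in for the ones in `pyramid.security`.

```python
# Added example: a simplified model of Pyramid-style ACL evaluation.
# Constants are local stand-ins for pyramid.security's Allow/Deny/Everyone.
Allow, Deny, Everyone = "Allow", "Deny", "system.Everyone"

# Constructed sample rows: (object_id, action, principal, permission).
# Row order is the ACE order, so storage must preserve it.
ACE_ROWS = [
    ("pages", Allow, "group:admin", "view"),
    ("pages", Deny, Everyone, "view"),
    ("page2", Allow, "group:editor", "edit"),
    ("page2", Deny, Everyone, "edit"),
]

def load_acls(object_id):
    """Hypothetical loader: return the stored ACEs for one object, in order."""
    return [(act, who, perm) for oid, act, who, perm in ACE_ROWS if oid == object_id]

class Resource:
    def __init__(self, name, parent=None):
        self.__name__, self.__parent__ = name, parent
        acl = load_acls(name)
        if acl:  # objects without rows get no __acl__ and inherit
            self.__acl__ = acl

def check_acl(acl, principals, permission):
    """Return the action of the first ACE that matches, or None."""
    effective = set(principals) | {Everyone}
    for action, who, perm in acl:
        if who in effective and perm == permission:
            return action
    return None

def permits(context, principals, permission):
    """Walk from the context up to the root; the first match decides."""
    node = context
    while node is not None:
        decision = check_acl(getattr(node, "__acl__", ()), principals, permission)
        if decision is not None:
            return decision == Allow
        node = node.__parent__
    return False  # nothing matched anywhere: default deny

# The tree sketched above: root -> pages (acl) -> page1 (no acl), page2 (acl)
root = Resource("root")
pages = Resource("pages", root)
page1, page2 = Resource("page1", pages), Resource("page2", pages)

DENY_FIRST = [(Deny, Everyone, "view"), (Allow, "group:admin", "view")]
ALLOW_FIRST = [(Allow, "group:admin", "view"), (Deny, Everyone, "view")]
```

With `DENY_FIRST` a member of `group:admin` is denied `view`, because the `Everyone` entry matches before the admin entry is reached; with `ALLOW_FIRST` the same principal is allowed.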
