launchpad-dev team mailing list archive

Thread
Date

Re: RFD: Overhauling the Launchpad authorization adapters

To: Henning Eggers <henning.eggers@xxxxxxxxxxxxx>
From: Stuart Bishop <stuart.bishop@xxxxxxxxxxxxx>
Date: Fri, 5 Feb 2010 11:42:41 +0700 (ICT)
Cc: Launchpad-dev Team <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <4B6B05D9.9020903@canonical.com>
Sender: Stuart Bishop <stuart@xxxxxxxxxxxxxxxx>



On Fri, Feb 5, 2010 at 12:37 AM, Henning Eggers <henning.eggers@xxxxxxxxxxxxx> wrote:

= Current situation =

 * security.py is a big blob of mostly unrelated classes from all parts
  of Launchpad. Only relation is the same base class
  AuthorizationBase. This makes the file very big.


It also is supposed to make it easy to audit, as our security declarations are in one place rather than scattered around the code base. This was one of the original goals. I have no idea if we have met that goal.

 * Make the system automatically layered, so that less restrictive
  access levels automatically include more restrictive levels.
  Exceptions need to be possible, of course, to model special
  situations.


I don't know if we have special situations any more. The perverse use cases that required 'super special' permissions (you can do stuff but an admin can't) are gone I think.

Please comment or propose other solutions or make suggestions on how to
implement some of the ideas here.


Or permissions now might be sane enough to generate them from a config file rather than code. This would certainly be useful for the UI hints people have been asking for saying 'you can't do this, but these people can'.


--
Stuart Bishop <stuart@xxxxxxxxxxxxxxxx>
http://www.stuartbishop.net/

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups

Re: RFD: Overhauling the Launchpad authorization adapters
From: Henning Eggers, 2010-02-05

References

RFD: Overhauling the Launchpad authorization adapters
From: Henning Eggers, 2010-02-04