launchpad-dev team mailing list archive

[Guilherme Salgado <salgado@xxxxxxxxxxxxx>]

On Thu, 2010-02-04 at 18:37 +0100, Henning Eggers wrote:
> Hi all,
> in some of my recent work I was confronted with parts of the
> Launchpad/Zope security system, namely the IAuthorization adapters in
> lib/canoncial/launchpad/security.py. I think this file and the concept
> behind it could use some serious improving to be easier to handle and
> less error-prone.
> 
[...]
> 
> = Needed improvements =
> 
>  * Split permission checking up into chunks for each Launchpad
>    application. At the same time, general policies need to be available
>    to all parts.

If we split that file, I'd rather see the code for permission checking
as close as possible to the pertinent model class instead of having
per-app security.py modules, as you seem to suggest above.

> 
>  * Have a canonical way to use the same checks in model code as in view
>    code.

I guess this is because the existing api (check_permission()) doesn't
take a user as argument?

> 
> = Possible solutions =
> I don't have all the answers but these are some of my ideas.
> 
>  * Make model objects be their own authorization adapter. Why should
>    it be too much to ask of an object, if a user may edit or admin it?
>    The implementation can be in the class itself but may just as well
>    be provided by a mix-in.

I don't think this is the responsibility of model classes, but it might
be a good idea to have a single adapter (for every model class) that
knows about all different permissions on that class.

> 
>  * Provide helpful system-wide mix-ins that implement common security
>    policies, e.g. for owners, admins, etc.
> 
>  * Design these mix-ins in a layered way, so that permissions can simply
>    be added up and automatically include permissions from more
>    restrictive policies.
> 
>  * Provide a gradual transition path. If an object does not provide its
>    own authorization information, look in the old security.py for it.

These can be done with the single-adapter model as well.

> 
>  * Delete security.py! ;-)
> 
> 
> Please comment or propose other solutions or make suggestions on how to
> implement some of the ideas here.
> 
> Implementing this will take some time and should happen gradually, as
> indicated. As a first step I filed this bug:
> https://bugs.edge.launchpad.net/launchpad-foundations/+bug/517153
> 
> But we need more bugs to make up the plan to improve this system.
> 
> Cheers,
> Henning
> 
> 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~launchpad-dev
> Post to     : launchpad-dev@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~launchpad-dev
> More help   : https://help.launchpad.net/ListHelp


-- 
Guilherme Salgado <salgado@xxxxxxxxxxxxx>

Attachment: signature.asc
Description: This is a digitally signed message part