launchpad-dev team mailing list archive

Thread
Date

Re: [tech] ACL system

To: Launchpad Community Development Team <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
From: Julian Edwards <julian.edwards@xxxxxxxxxxxxx>
Date: Wed, 26 May 2010 16:53:56 +0100
Cc: Tim Penhey <tim@xxxxxxxxxx>
In-reply-to: <20100526140050.GE29562@lilium.lan>
Organization: Canonical Ltd
User-agent: KMail/1.13.2 (Linux/2.6.32-22-generic; KDE/4.4.2; x86_64; ; )

On Wednesday 26 May 2010 15:00:50 Bjorn Tillenius wrote:
> On Wed, May 26, 2010 at 04:51:56PM +1200, Tim Penhey wrote:
> > On Wed, 26 May 2010 10:26:33 Tim Penhey wrote:
> > > I'm sure I'll end up with more questions later.
> > 
> > And here is a real doozey.
> > 
> > In a list of branches, we have the following ACLs to check for *every*
> > branch:
> > 
> > The ACL of the target:
> >   * project
> >   * distro series source package
> >   
> >     * of which possibly any three could be private?
> > 
> > The ACL of the owner:
> >   * possibly a private team
> > 
> > The ACL of the branch itself
> > 
> > How can we do this with a single query over the branch table?
> 
> The goal is that you should be able to do this in a single query, yes.
> I'm currently investigating how that will work. Either by using
> recursive queries, or by flatten out the ACL model, copying things from
> the parent to the child, so that all you have to do is to check the ACL
> for the branch.

I think you should check out Muharem's work on Packageset ACLs.  He used DAGs 
very effectively and we might be able to generalise that work.

References

[tech] ACL system
From: Bjorn Tillenius, 2010-05-25
Re: [tech] ACL system
From: Tim Penhey, 2010-05-26
Re: [tech] ACL system
From: Bjorn Tillenius, 2010-05-26