New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Privilege inheritance in group hierarchies #140

Open
flack opened this Issue Jan 30, 2015 · 1 comment

Comments

Projects
None yet
1 participant
@flack
Owner

flack commented Jan 30, 2015

Reported by flack on 22 May 1978 02:14 UTC
midcom_core_user includes functionality for recursively collecting privileges from group hierarchies, but the feature is commented out. Re-enabling it would give us an inheritance mechanism where child groups inherit their parents' permissions.

The question is whether this is the desired behavior. Alternatively, parent groups could aggregate their children's privileges (as indicated by the comment in the source), but that might result in lower performance in large group trees. The best way to implement this would probably be to modify the behavior of midcom_core_group::list_memberships() to include subordinate groups.

Another possibility would be to use a config setting or individual MIDCOM_PRIVILEGE_INHERIT privileges to indicate whether or not child groups should inherit their parents' privileges, but there would have be to a UI for that.

Migrated-From: http://trac.openpsa2.org/ticket/149

@flack flack self-assigned this Jan 30, 2015

@flack flack added this to the undecided milestone Jan 30, 2015

@flack

This comment has been minimized.

Show comment
Hide comment
@flack

flack Dec 19, 2016

Owner

according to http://trac.midgard-project.org/changeset/1353, it's supposed to work like this:

everyone -> root group -> sub group(s) -> virtual group(s) -> user privilieges
Owner

flack commented Dec 19, 2016

according to http://trac.midgard-project.org/changeset/1353, it's supposed to work like this:

everyone -> root group -> sub group(s) -> virtual group(s) -> user privilieges
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment