[isf-wifidog] Re: User roles design

Benoit Grégoire bock at step.polymtl.ca
Mar 5 Déc 23:59:35 EST 2006 

>> I know the three of you are rather overwhelmed by real life right  
>> now, but it
>> would be really helpfull if you could quickly read and comment on:
>> http://dev.wifidog.org/wiki/doc/developer/UserRolesArchitecture
>
> I read it in full and I think this is really nice. I like the "sudo"
> idea, that would indeed be really useful for testing.
>
> Excellent work Benoit.
>
> How far are you on implementing this ?

I'm at the "I'm afraid to start" stage. 

This system is probably not all that long to implement:
-Usually the longest part of anything in wifidog is the admin interface(s), 
but in this case only two need to be written, and they are simple ones: the 
role definition interface, and the stakeholder assignation interface (which 
will be reused for each stakeholder type).  
-Re-writing the security class is also reasonably straightforward assuming 
(big assumption, this is why I need feedback) the design didn't overlook 
anything.
-We can then search-and-replace all the current access control functions 
clearly marking them deprecated (less than an hour).
It's probably in the "really productive weekend of hacking" ballpark for me, 
which means maybe I can do it as a week long vacation project over Christmas 
if I get help for the next part.  It's delicate code to write, but it's 
nature should make every bug really obvious (and thus easy to fix).

The next step is, for which I really need other people's help is:
-Progressively going through the hundred of current access control-like 
functions calls and replacing them with the appropriate permission checks 
(hundreds), defining the necessary permissions as we go (dozens) and fixing 
all the places we didn't do any access control (a shamefull "several").

It's long, but motivating as new functionality appear at every step.  And 
getting this in is almost critical for a  good 1.0 release, as most of the 
remaining tickets for the 1.0 milestones indirectly use it. 

-- 
Benoit Grégoire
http://benoitg.coeus.ca/

Plus d'informations sur la liste de diffusion WiFiDog