Some thoughts on WebDAV ACL API for Chandler
# It is assumed that these methods would be on some kind of connection/conduit
# object that would handle the current user's identity.
# If the conduit also handles the resource, then that could also be taken out of the API.

# Open issue:
# XXX (users, perms) might need to be dict {user1: perms1, user2: perms2, ...}
#     if we want to enable setting/getting for more than one user

def getacl(resource):
    """
    # XXX does not work when more than one user
    Returns a tuple of (users, perms)

    Will raise exception if the resource does not exist or you don't have
    permissions to view the ACL.

    NOTE: May not return all users if currently authenticated user does not
          have rights to read all ACLs.
    """

def setacl(resource, users, perms, oper, depth):
    """
    resource is the resource whose ACL we are changing
    users is a list of users and groups
    perms is the permissions we want to modify (read, write, admin, ...?)
    oper is the operation we want to do with perm(s) (delete, add, set)
    depth is how deeply to apply, -1 infinite

    # XXX does not work when more than one user
    returns the tuple (users, perms), may be different from requested

    Will raise exceptions if the resource does not exist, users do not exist,
    permissions do not exist or are not supported on the server, operation
    not allowed or not supported by server.

    Open issue: Should we have a parameter to indicate if we want strict
                mapping? I.e., if we want to enable write, but the only
                way the server can support write is by enabling admin access?
                If we want strict, and it is not possible, would raise exception

    Open issue: Do we want to be able to set ACLs on more than one resource
                at a time?

    Open issue: Should we support setting ACLs on properties? I think the API
                would still be the same (depth ignored).
    """
Commenting... I bet it would be useful for a lot of our use cases for the API to offer a "grantPermission" call that adds a principal and a permission to the ACL if it wasn't there before but otherwise leaves the rest of the permissions in place. Perhaps that's a higher level thing built on top of the base setAcl and getAcl. --Lisa
-- HeikkiToivonen - 09 Dec 2004
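An added sketch, not Chandler code, of the grantPermission idea from the comment above, built on a dict-based getacl/setacl as the first open issue suggests, with a strict flag for the strict-mapping open issue. MemoryConduit, AclError, grant_permission, the strict parameter and the server that can only give write through admin are assumptions made for illustration; depth is left out.

```python
class AclError(Exception):
    """Unknown resource, unsupported operation, or no exact permission mapping."""

class MemoryConduit:
    """Constructed in-memory stand-in for a server connection (hypothetical)."""
    # Assumption: this server has no native "write" and can only give it via "admin".
    NATIVE = {"read", "admin"}
    WIDENS_TO = {"write": "admin"}

    def __init__(self, resources):
        self.acls = {r: {} for r in resources}  # resource -> {principal: perms}

    def getacl(self, resource):
        if resource not in self.acls:
            raise AclError("no such resource: %s" % resource)
        return {user: set(perms) for user, perms in self.acls[resource].items()}

    def setacl(self, resource, acl, oper, strict=True):
        """acl is {principal: perms}; returns the permissions actually applied."""
        if resource not in self.acls:
            raise AclError("no such resource: %s" % resource)
        if oper not in ("add", "delete", "set"):
            raise AclError("unsupported operation: %s" % oper)
        applied = {}
        for user, perms in acl.items():  # map everything before changing anything
            applied[user] = set()
            for perm in perms:
                if perm in self.NATIVE:
                    applied[user].add(perm)
                elif perm in self.WIDENS_TO and not strict:
                    applied[user].add(self.WIDENS_TO[perm])  # broader than requested
                else:
                    raise AclError("cannot map %r exactly" % perm)
        current = self.acls[resource]
        for user, perms in applied.items():
            old = current.get(user, set())
            new = {"add": old | perms, "delete": old - perms, "set": set(perms)}[oper]
            if new:
                current[user] = new
            else:
                current.pop(user, None)  # no permissions left: drop the entry
        return applied

def grant_permission(conduit, resource, principal, perm, strict=True):
    """Add one permission for one principal; every other ACL entry stays as it was."""
    if perm in conduit.getacl(resource).get(principal, set()):
        return {principal: {perm}}  # already granted, nothing to change
    return conduit.setacl(resource, {principal: [perm]}, "add", strict)
```

With strict left on, a request the server cannot satisfy exactly fails before any entry is touched; with it off, the return value is the only place the caller learns that admin was granted instead of write.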