incubator-esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Hirsch <hirsch.d...@gmail.com>
Subject Re: Superuser column in table users
Date Sun, 20 Dec 2009 05:48:27 GMT
> the problem may the association with MegaProtoUser
Not that we are still using "MegaProtoUser" - we aren't

The ldap-lift source uses it which means that we would have to change
the source code to be able to use it.

D.

On Sun, Dec 20, 2009 at 6:18 AM, Richard Hirsch <hirsch.dick@gmail.com> wrote:
> There are two points that we have to consider:
> 1) there is also a role model that is present in lift
> 2) how would we integrate the idea of authorization groups if we had
> access to ldap (my favored solution)
> (http://jgoday.wordpress.com/2009/11/27/lift-ldap/) - although here
> the problem may the association with MegaProtoUser
>
> The use of the superuser is probably the easiest way to get started
> with such an api but the two other means above are probably  better in
> the long-term.
>
> By the way, if we had a ldap solution, then we might have to rethink
> our pool administration, but first things first. ...
>
> D.
>
> On Sat, Dec 19, 2009 at 8:08 PM, Ethan Jewett <esjewett@gmail.com> wrote:
>> Sounds ideal as long as someone familiar with the user model (not me
>> :-) can confirm that this column is being used in this manner.
>>
>> If it's not being used at all at the moment, then I could start
>> building admin functions on top of it, but we'll find ourselves in a
>> situation in which you can do things through the API that you can't do
>> through the ui.
>>
>> There are also the questions of how the first super-user is added and
>> whether we want more granular access controls around administrative
>> functions. The later is probably a question for the future.
>>
>> Ethan
>>
>> On Saturday, December 19, 2009, Richard Hirsch <hirsch.dick@gmail.com> wrote:
>>> Just saw the column "superuser" in the "users" table.
>>>
>>> Maybe this could be used to determine if user have special rights
>>> during administrative functions for our APIs.
>>>
>>> D.
>>>
>>
>

Mime
View raw message