[schooltool-dev] schooltool security policy enhancement?
Tom Hoffman
tom.hoffman at gmail.com
Mon Jun 18 23:00:17 EDT 2007
On 6/18/07, Paul Carduner <paulcarduner at gmail.com> wrote:
> I would like to suggest some additions to SchoolTool's security policy.
>
> The allow directive should also accept attributes and class. If a
> class is specified then you cannot specify an interface. This would
> allow finer grained control of permissions. Here is a usecase:
>
> Our Journal objects have a set of managers and a set of members, and
> these two attributes are likewise included in the IJournal interface,
> along with title and description. You must have the schooltool.edit
> permission to modify any of these attributes, and schooltool.view to
> read any of these attributes. I want to give teachers the
> schooltool.edit permission for everything in the IJournal interface,
> in which case the current security policy works fine. I want to give
> students the ability to modify the title and description but not
> members or managers.
Is that really necessary?
--Tom
More information about the Schooltool-dev
mailing list