[Catalyst] Authorization ACL: future plans?
m9tn-oh4c at xemaps.com
Fri Jun 6 15:13:21 BST 2008
(Yuval please note: this concerns one of your modules)
Are there any plans afoot to build on
Catalyst::Plugin::Authorization::ACL? I have a requirement for a couple
of enhancements, and I'd like to sound out the list before jumping in
1. I'd quite like the idea of a generic "resource", that users have
access to, rather than just a controller method. The resource could be
or correspond to a file on the server's fs, a wiki page, a diary
The resource would have a set of permissions, controlled through the model:
* See (whether this resource actually appears at all)
* Read (Are the contents of the resource visible/executable?)
* Grant (who can change the permissions for this resource)
The resource also has an owner (user) and a group (role).
Each of the permissions above can be set to one of 'owner', 'group',
'world' or none.
Proposed module name: Catalyst::Plugin::Authorization::ACL::Resource
2. Full blown access control lists
For more sophisticated requirements, we have an actual list:
Include: list of entities
Exclude: list of entities
each entity can be one of the following:
* A user
* A role
* An ACL (i.e. nesting)
This enhances option 1 above by allowing the permission to be an ACL
besides 'owner', 'group', 'world' or none.
Proposed module name: Catalyst::Plugin::Authorization::ACL::Full
What do people think? Feedback please.
By the way in case you are wondering, I am looking to write a CMS that
sits on top of Catalyst.
More information about the Catalyst