[Catalyst] Authorization ACL: future plans?
ivorw
m9tn-oh4c at xemaps.com
Fri Jun 6 15:13:21 BST 2008
Hi guys,

(Yuval please note: this concerns one of your modules)

Are there any plans afoot to build on
Catalyst::Plugin::Authorization::ACL? I have a requirement for a couple
of enhancements, and I'd like to sound out the list before jumping in
and coding.

1. I'd quite like the idea of a generic "resource", that users have
access to, rather than just a controller method. The resource could be
or correspond to a file on the server's fs, a wiki page, a diary
appointment, etc.

The resource would have a set of permissions, controlled through the model:

* See (whether this resource actually appears at all)
* Read (Are the contents of the resource visible/executable?)
* Modify
* Delete
* Grant (who can change the permissions for this resource)

The resource also has an owner (user) and a group (role).

Each of the permissions above can be set to one of 'owner', 'group',
'world' or none.

Proposed module name: Catalyst::Plugin::Authorization::ACL::Resource

2. Full-blown access control lists

For more sophisticated requirements, we have an actual list:

Include: list of entities
Exclude: list of entities

Each entity can be one of the following:

* A user
* 'owner'
* A role
* 'group'
* An ACL (i.e. nesting)

This enhances option 1 above by allowing the permission to be an ACL
besides 'owner', 'group', 'world' or none.

Proposed module name: Catalyst::Plugin::Authorization::ACL::Full

What do people think? Feedback please.

By the way, in case you are wondering, I am looking to write a CMS that
sits on top of Catalyst.

Ivor.
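
An added sketch of the nested include/exclude evaluation proposed in item 2 (not code from the post and not part of Catalyst::Plugin::Authorization::ACL). It assumes that excludes are checked before includes, that 'group' means the user holds the resource's group role, and that a nesting cycle or unknown entry denies access; the `%acl` data and all function names are hypothetical.

```perl
use strict;
use warnings;

# Constructed sample ACLs; entity syntax "user:", "role:", "acl:" is an assumption.
my %acl = (
    editors => { include => ['role:editor', 'owner'], exclude => ['user:mallory'] },
    staff   => { include => ['acl:editors', 'group'], exclude => [] },
    loop_a  => { include => ['acl:loop_b'],           exclude => [] },
    loop_b  => { include => ['acl:loop_a'],           exclude => [] },
);

sub has_role {
    my ($user, $role) = @_;
    return scalar(grep { $_ eq $role } @{ $user->{roles} });
}

# True if one entity (user, 'owner', role, 'group' or nested ACL) covers $user.
sub entity_matches {
    my ($entity, $user, $res, $seen) = @_;
    return $user->{name} eq $res->{owner} if $entity eq 'owner';
    return has_role($user, $res->{group}) if $entity eq 'group';
    my ($kind, $name) = split /:/, $entity, 2;
    die "unknown entity '$entity'\n" unless defined $name;
    return $user->{name} eq $name               if $kind eq 'user';
    return has_role($user, $name)               if $kind eq 'role';
    return acl_allows($name, $user, $res, $seen) if $kind eq 'acl';
    die "unknown entity '$entity'\n";
}

# Errors die rather than return 0: a 0 from inside an exclude list would mean
# "not excluded" and silently widen access.
sub acl_allows {
    my ($name, $user, $res, $seen) = @_;
    my $list = $acl{$name} or die "unknown ACL '$name'\n";
    die "ACL '$name' nests inside itself\n" if $seen->{$name};
    my $path = { %$seen, $name => 1 };    # per-path, so shared sub-ACLs are fine
    for my $e (@{ $list->{exclude} }) { return 0 if entity_matches($e, $user, $res, $path) }
    for my $e (@{ $list->{include} }) { return 1 if entity_matches($e, $user, $res, $path) }
    return 0;                             # not listed anywhere: deny
}

sub permitted {                           # top-level check, fails closed
    my ($name, $user, $res) = @_;
    my $ok = eval { acl_allows($name, $user, $res, {}) };
    warn "denying: $@" if $@;
    return $ok ? 1 : 0;
}

my $page = { owner => 'alice', group => 'docs' };
my ($alice, $bob) = ({ name => 'alice', roles => [] }, { name => 'bob', roles => ['docs'] });
my $mallory = { name => 'mallory', roles => ['editor', 'docs'] };
printf "%-8s %-8s %s\n", $_->[0], $_->[1]{name}, permitted($_->[0], $_->[1], $page) ? 'allow' : 'deny'
    for ['editors', $alice], ['editors', $mallory], ['staff', $bob], ['staff', $mallory], ['loop_a', $alice];
```

Under these assumed semantics an exclude only applies inside the ACL that lists it: mallory is denied by `editors` but allowed by `staff` through 'group', so the design has to decide whether excludes propagate through nesting.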