On Thu, Dec 30, 2010 at 13:24, Alex Leone <acle...@gmail.com> wrote:
> Comments? It would be good to discuss this before the upcoming bug days if
> we are going to do anything with the notebook.
Hi, I read most of it and I also read your posting on mongodb-users ;)
Basically, most of it is also what I would have in my mind ... just some notes:
1. I wouldn't do a "isAdmin" property for users. Rather, create one or
more groups that are marked as isAdmin and then add the users to that
group. This is basically how it is done nowdays in linux via the
/etc/sudoers file where a group "admin" is marked as being special and
the sudo command checks if the user is in the group admin.
2. The permissions, I don't really understand it. Why are they in each
group? I understand that each worksheet has a list of users (owners)
with permissions and groups with permissions, but at the group level I
don't get it. What does db.groups.users.{ perms: 1 or 0 } actually do?
I think, just a list of usernames is enough.
Do you know ACLs [1]? Maybe compare your mix of usernames and
permissions with the approach over there and do it this way!
Therefore, I would attach such a ACL list to each worksheet.
3. Worksheets reference to a collection of cells? Each document has a
4mb limit ... I know, that's a lot and it will probably never be hit,
but if there is some crazy long output it might happen. Second,
updates on worksheets only happen on the cell level, never on the
whole document. I know, mongodb has the ability to update a part of a
document via the update command, but I think it's easier to have a
collection of all cells and reference to them.
But still, when a cell is updated, only it's "out" field is modified.
Therefore, I propose to define a worksheet as a list of cells [or
later and more advanced, also as a nested list of worksheets ... i.e.
to make it possible to reference to another worksheet, to do "dynamic"
embeddings, sections/parts, meta-worksheet-documents ...].
Additionally, I could also envision cases, where each of those cells
get additional permissions, e.g. a "lock" that adds a "all: ---"
permission, so that nobody is able to edit a cell. (editing
permissions is of course still possible by the users and users in the
associated groups if they are allowed)
4. something trivial, instead of
out: [{ t:"stdout", data: "..."} , {t:"stderr", data: "..."}]
please just do
out: { stdout: "...", stderr: "..." }
Mongodb allows to list all keys in such an associative list and no
need for this {t: "..."} thing.
(or even better, get rid of "out" and just a stdout and stderr key is
good enough since their relative ordering doesn't matter.)
5. Images might probably be referenced explicitly, i.e. out: { img:
<file-id-reference> }
6. same as 5. for data files attached to worksheets. That's probably
what you mean with db.files anyways ... but it might be nice to know
when attached files are no longer needed to be able to run a
background process that removes unreferenced files.
h
[1] http://linux.die.net/man/5/acl
first, look at the "long text form", then read the algorithm for checking it.
--
To post to this group, send an email to sage-devel@googlegroups.com
To unsubscribe from this group, send an email to
sage-devel+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
