I think this should be considered a bug and I agree with the change. Anybody opposed?
Massimo

On Sep 7, 11:46 pm, Alexey Nezhdanov <snak...@gmail.com> wrote:
> Hi. I think that I found some inconsistency in the topic.
> When you do, say,
> auth.add_permission(group_id) - it assumes the permission name 'any', table
> name empty and record_id 0.
> Which in turn feels like "full admin rights" - any action on any table on
> any record.
> In fact, that gives no permissions whatsoever.
>
> I've come out with the following patch to make it work for me, but since
> that is the very core of RBAC, I'm not sure if that is the right solution or
> if I am looking in the correct direction at all.
>
> --- tools.old.py 2010-09-08 08:40:22.266751051 +0400 > +++ tools.py 2010-09-08 08:41:25.894746181 +0400 > @@ -2420,10 +2420,9 @@ > == record_id).select(permission.group_id) > groups_required = set([row.group_id for row in rows]) > if record_id: > - rows = self.db(permission.name > - == name)(permission.table_name > - == str(table_name))(permission.record_id > - == 0).select(permission.group_id) > + rows = self.db(permission.name.belongs((name,'any'))& > + > permission.table_name.belongs((str(table_name),''))& > + > permission.record_id.belongs((record_id,0))).select(permission.group_id) > groups_required = groups_required.union(set([row.group_id > for row in rows])) > if groups.intersection(groups_required):
>
> Regards
> Alexey
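Review bot: The wildcard matching is added only inside the `if record_id:` branch, so a check made without a record id still goes through the earlier query (the context line ending in `== record_id).select(permission.group_id)`), which this patch leaves untouched. If the goal is that the default grant ('any', empty table name, record_id 0) is honoured everywhere, the same `belongs` treatment is needed on that first query, or the wildcard lookup should move out of the `if record_id:` block. Separately, the three `belongs(...)` filters are independent, so any mix of exact and wildcard values now matches, for example a row with name 'any' and the specific table, or the specific name with an empty table name and record_id 0. Since this widens an authorization check in the RBAC core, please state in a comment or docstring which of those combinations are meant to grant access, and add tests for each combination, including a negative case where a grant on one table must not satisfy a check on another.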