You are right. That would be much more efficient for any ACL check.

Werner.

Tim Olsen wrote:
>
> On 5/15/07, Werner Donné <werner.donne@re.be> wrote:
>> That is true. You have to join with the ACEs granting or
>> denying the "read", "read-acl", "read-current-user-privilege-set"
>> and "all" privileges. The result set should then be matched
>> with the current user. This can't be part of the same join,
>> because of group memberships.
>
> They can be part of the same join if you keep a separate table of the
> transitive closure of group memberships.
>
> -Tim
>
>

--
Werner Donné -- Re
Engelbeekstraat 8
B-3300 Tienen
tel: (+32) 486 425803 e-mail: werner.donne@re.be

Received on Tuesday, 15 May 2007 13:12:59 GMT
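
The single-join check discussed in this thread, as an added example that is not part of the original messages or of either poster's code: group memberships are flattened into a transitive-closure table, so the ACEs can be joined to the current user in one statement. The schema, the table and column names, the sample data, the restriction to the "read" and "all" privileges, and the rule that the first matching ACE in ACL order decides are all assumptions made for the illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE principal(name TEXT PRIMARY KEY);
CREATE TABLE membership(member TEXT, grp TEXT);           -- direct memberships only
CREATE TABLE principal_closure(member TEXT, principal TEXT,
                               PRIMARY KEY (member, principal));
CREATE TABLE ace(resource TEXT, position INTEGER, principal TEXT,
                 privilege TEXT, is_grant INTEGER);
"""
# Closure = every (member, principal) pair reachable through nested groups,
# plus (x, x) so ACEs naming the user directly match in the same join.
# UNION (not UNION ALL) makes the recursion terminate on membership cycles.
REBUILD = """
WITH RECURSIVE tc(member, principal) AS (
    SELECT name, name FROM principal
    UNION
    SELECT tc.member, m.grp FROM tc JOIN membership m ON m.member = tc.principal)
INSERT INTO principal_closure SELECT member, principal FROM tc
"""
# One statement: ACEs joined to the closure, keeping the first matching ACE
# per resource (assumed rule: lowest position decides) when it is a grant.
READABLE = """
SELECT a.resource FROM ace a
JOIN principal_closure c ON c.principal = a.principal
WHERE c.member = :u AND a.privilege IN ('read', 'all') AND a.is_grant = 1
  AND a.position = (SELECT MIN(a2.position) FROM ace a2
                    JOIN principal_closure c2 ON c2.principal = a2.principal
                    WHERE c2.member = :u AND a2.resource = a.resource
                      AND a2.privilege IN ('read', 'all'))
ORDER BY a.resource
"""

def build_sample():
    """Constructed data: alice in editors, editors in staff, bob in staff."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO principal VALUES (?)",
                   [(n,) for n in ("alice", "bob", "carol", "editors", "staff")])
    db.executemany("INSERT INTO membership VALUES (?, ?)",
                   [("alice", "editors"), ("editors", "staff"), ("bob", "staff")])
    db.executemany("INSERT INTO ace VALUES (?, ?, ?, ?, ?)", [
        ("/docs", 0, "staff", "read", 1),
        ("/drafts", 0, "bob", "read", 0),     # deny listed before the grant
        ("/drafts", 1, "staff", "all", 1),
        ("/private", 0, "carol", "read", 1)])
    db.execute(REBUILD)
    return db

def readable_resources(db, user):
    return [row[0] for row in db.execute(READABLE, {"u": user})]
```

The closure table has to be rebuilt, or maintained incrementally, whenever a membership changes; a stale closure keeps granting access through a group the user has already left.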
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 12 October 2007 17:53:27 GMT