- From: Werner Donné <werner.donne@re.be>
- Date: Tue, 15 May 2007 15:13:28 +0200
- To: Tim Olsen <tolsen718@gmail.com>
- Cc: Julian Reschke <julian.reschke@gmx.de>, w3c-dist-auth@w3.org

You are right. That would be much more efficient for any ACL check.

Werner.

Tim Olsen wrote:
>
> On 5/15/07, Werner Donné <werner.donne@re.be> wrote:
>> That is true. You have to join with the ACEs granting or
>> denying the "read", "read-acl", "read-current-user-privilege-set"
>> and "all" privileges. The result set should then be matched
>> with the current user. This can't be part of the same join,
>> because of group memberships.
>
> They can be part of the same join if you keep a separate table of the
> transitive closure of group memberships.
>
> -Tim
>
>

--
Werner Donné -- Re
Engelbeekstraat 8
B-3300 Tienen
tel: (+32) 486 425803 e-mail: werner.donne@re.be

Received on Tuesday, 15 May 2007 13:12:59 UTC
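
The single-join check discussed in this thread, sketched as an added example that is not part of the original messages or of any poster's implementation. The table and column names, the sample principals and ACEs, and the "first matching ACE in order decides, default deny" evaluation are assumptions made for illustration; only the "read" and "all" privileges are checked.

```python
import sqlite3

# Constructed sample data: alice is in "editors", which is nested in "staff".
DIRECT = [("alice", "editors"), ("editors", "staff"), ("bob", "staff")]
# (resource, position, principal, privilege, is_grant)
ACES = [
    ("/docs", 1, "bob", "read", 0),
    ("/docs", 2, "staff", "read", 1),
    ("/private", 1, "editors", "all", 0),
    ("/private", 2, "staff", "all", 1),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE membership(member TEXT, grp TEXT);
        CREATE TABLE closure(member TEXT, grp TEXT, PRIMARY KEY (member, grp));
        CREATE TABLE ace(resource TEXT, position INTEGER, principal TEXT,
                         privilege TEXT, is_grant INTEGER);
    """)
    db.executemany("INSERT INTO membership VALUES (?, ?)", DIRECT)
    db.executemany("INSERT INTO ace VALUES (?, ?, ?, ?, ?)", ACES)
    # Materialise the transitive closure once. Reflexive rows (p, p) let an
    # ACE that names the user directly match through the same join.
    # UNION removes duplicates, so a membership cycle cannot loop forever.
    db.execute("""
        WITH RECURSIVE reach(member, grp) AS (
            SELECT p, p FROM (SELECT member AS p FROM membership
                              UNION SELECT grp FROM membership)
            UNION
            SELECT r.member, m.grp
            FROM reach r JOIN membership m ON m.member = r.grp
        )
        INSERT INTO closure SELECT member, grp FROM reach
    """)
    return db

def can_read(db, user, resource):
    # One join: ACEs on the resource whose principal is the user or any
    # group the user belongs to, directly or through nesting.
    row = db.execute("""
        SELECT a.is_grant
        FROM ace a JOIN closure c ON c.grp = a.principal
        WHERE c.member = ? AND a.resource = ?
          AND a.privilege IN ('read', 'all')
        ORDER BY a.position LIMIT 1
    """, (user, resource)).fetchone()
    return bool(row and row[0])  # no matching ACE means deny
```

The closure table has to be rebuilt or incrementally updated whenever a group membership changes; a stale closure keeps granting access to principals that have already been removed from a group.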