W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2007

Re: PROPFIND Depth:1 and ACLs

From: Werner Donné <werner.donne@re.be>
Date: Tue, 15 May 2007 15:13:28 +0200
Message-ID: <4649B1F8.2060102@re.be>
To: Tim Olsen <tolsen718@gmail.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, w3c-dist-auth@w3.org

You are right. That would be much more efficient for
any ACL check.

Werner.

Tim Olsen wrote:
> 
> On 5/15/07, Werner Donné <werner.donne@re.be> wrote:
>> That is true. You have to join with the ACEs granting or
>> denying the "read", "read-acl", "read-current-user-privilege-set"
>> and "all" privileges. The result set should then be matched
>> with the current user. This can't be part of the same join,
>> because of group memberships.
> 
> They can be part of the same join if you keep a separate table of the
> transitive closure of group memberships.
> 
> -Tim
> 
> 

-- 
Werner Donné  --  Re
Engelbeekstraat 8
B-3300 Tienen
tel: (+32) 486 425803	e-mail: werner.donne@re.be
Received on Tuesday, 15 May 2007 13:12:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:15 GMT