-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear Cells Users:
Maybe you have come across this also ...
While working on the other challenges I have been telling on this list I am also trying to set-up an authorization model for Cells.
I need to check permissions to Create, Update, Read, and Delete a cell slot. I thought about having hooks on each of these operations such that on every such operation within Cells an "outside function" can be called. These just return t or nil depending on permission check success or failure. As the model outside can be quite different from case to case (app to app) I did not think about implementing this within Cells.
So
(cells:add-hook 'cells:slot-read slot-reference 'my-permission-check- function)
would install that hook.
Or should I keep this on class level instead of on slot level because of possible impacts on propagation speed and other inner Cells aspects? I'd prefer to get the fine-grained control here and no, I'm not trying to get into the premature optimization game but want to get some basic thoughts straight.
Again: Any feedback very welcome!
Cheers, Frank
Frank Goenninger DG1SBG wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear Cells Users:
Maybe you have come across this also ...
While working on the other challenges I have been telling on this list I am also trying to set-up an authorization model for Cells.
I need to check permissions to Create, Update, Read, and Delete a cell slot. I thought about having hooks on each of these operations such that on every such operation within Cells an "outside function" can be called. These just return t or nil depending on permission check success or failure. As the model outside can be quite different from case to case (app to app) I did not think about implementing this within Cells.
So
(cells:add-hook 'cells:slot-read slot-reference 'my-permission-check- function)
would install that hook.
I went ahead and made md-slot-value and its setter into generic functions. Not the end of the world performance-wise from brief analysis with ACLs profiler. More study necessary, but my guess is you really want more than this (such as making the hook specific to a slot, as per your add-hook semantics) and it would impact everyone, so I will await further input before exploring this further. Possibly you want a new defmodel slot option?
kt
Kenny Tilton writes:
I went ahead and made md-slot-value and its setter into generic functions. Not the end of the world performance-wise from brief analysis with ACLs profiler.
(Yikes!) If I'm not mistaken, speed of generic-function dispatch is something where Allegro is head-and-shoulders above the competition. I guess I'll try profiling SBCL before I freak out, but I'd guess this could have nasty performance penalties there.
Frank Goenninger DG1SBG writes:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear Cells Users:
Maybe you have come across this also ...
While working on the other challenges I have been telling on this list I am also trying to set-up an authorization model for Cells.
I need to check permissions to Create, Update, Read, and Delete a cell slot. I thought about having hooks on each of these operations such that on every such operation within Cells an "outside function" can be called. These just return t or nil depending on permission check success or failure. As the model outside can be quite different from case to case (app to app) I did not think about implementing this within Cells.
I'm really not seeing what you're wanting to do here. Why does the authorization take place at the cell-access level? In the past, I've had slots that held authentication and authorization policy objects. For formulas that need authorization, you just stick an (assert (^authorized)) in the appropriate places.
-
Frank Goenninger DG1SBG -
Kenny Tilton -
Thomas F. Burdick