author | Russ Allbery <rra@stanford.edu> | 2007-11-20 02:01:27 +0000 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2007-11-20 02:01:27 +0000 |
commit | 66da128c39971f9a40553af9351b489f1ad186e1 (patch) | |
tree | 43522aaa63f8d290ab605322d20892b8a4bc0bb5 /TODO | |
parent | 96d4c0b4dbf8b2ff4649f418bd170d1242910b10 (diff) |
Add support for running a user-defined function whenever an object is
created by a non-ADMIN user and using the default owner ACL returned
by that function provided that the calling user is authorized by that
ACL. This permits dynamic creation of new objects based on a default
owner ACL programmatically determined from the name of the object.
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 11 |
1 files changed, 4 insertions, 7 deletions
@@ -16,13 +16,6 @@ Release 0.3: * Write the PTS ACL verifier. -* Add support for a default creation policy and default ACLs. The policy - function needs to return a list of ACLs, and we'll need an ACL function - to check the user against such a list rather than an ACL that already - exists in the database. When we create such an object, we'll also need - to name the ACL, which may require fallback logic if the name was - already taken. - * Use the class names in the database tables when loading object and ACL verifier implementations. @@ -95,6 +88,10 @@ Release 1.0: * Implement a simple file wallet object. Document a naming convention for those files (group-service, perhaps). +* Revisit the way default ACL creation is handled. Add a new function to + verify an ACL given as an array without requiring that it be in the + database first and write better code for comparing two ACLs. + Future work: * Write a conventions document for ACL naming, object naming, and similar |
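Review bot: In the Release 0.3 hunk, the deleted item recorded a requirement that the replacement item under Release 1.0 does not carry forward: naming the newly created ACL "may require fallback logic if the name was already taken". If this commit does not handle that name collision, keep it as its own TODO line so it is not lost when the old item goes away. If it is handled, a sentence in the commit message saying how would let a reader confirm that an object cannot end up owned by a pre-existing ACL of the same name.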
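Review bot: In the Release 1.0 hunk, the added item asks for "better code for comparing two ACLs" without saying what the current comparison gets wrong or which cases it must handle. Per the commit message, creation by a non-ADMIN user is authorized against the ACL the function returns, so this comparison and the "verify an ACL given as an array" function sit on an authorization path. Please spell out the known limitation in the TODO text, and consider whether an item of that kind belongs as late as Release 1.0.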