[Red5devs] Permissions for SOs, and...
Steven Gong
steven.gong at gmail.com
Wed Jun 14 20:48:23 EDT 2006
On 6/14/06, Joachim Bauch <jojo at struktur.de> wrote:
>
> Hi,
>
> Luke Hubbard wrote:
> > Just been chatting to Joachim about adding permissions to SOs.
> > So my idea was lets use unix style permissions.
> [...]
> > Ok, so you can see the possibilities I hope.
> >
> > client.setDefaultGroup('admin')
> > client.setGroups (['staff','kungfu_masters']);
> > client.isInGroup('admin') // true
> >
> > so.setOwner(client);
> > so.setGroup('staff');
> > so.setPermissions(ALL,READ+WRITE,NONE); // owner, group, world
> >
> > Perhaps we can even add some unix style command processing as a
> untiltiy..
> > Now im getting freaky.. Feel free to slap me down.
> >
> > Red5.chmod('766',so);
> > Red5.chown('admin:staff',scope);
> > Red5.chgrp('ledzep',scope,true); // true being recursive..
>
> Why not use so.chmod('766'), scope.chown('admin:staff'), etc.? As all
> these objects need to implement an interface to support permissions, they
> could provide the methods themselves.
>
> > Now this could be applied to scopes, streams, services? and perhaps
> > other objects in red5.
>
> The permission system could internally use the IAttributeStore to store
> the assigned roles / permissions so basically every object that
> implements IAttributeStore could have permissions assigned to it.
Good idea. How about we get a design on how the IAttributeStore is arranged
for core Red5 objects? And have you got the idea about how to control the
access to the attribute store itself?
> Perhaps we can tie the users and groups into those used by the servlet
> > container.
>
> Does this support external backends like LDAP? App. developers might
> want to use such backends for their permission storage...
>
> > So questions are...
> >
> > What do people think about this style of permissions ?
> > Do we need finer grained permissions? ( IMHO: possibly, but could get
> > messy )
>
> I think we should use string based permissions with the defaults "Read",
> "Write" and "Execute" (or something similar). String based permissions
> have the advantage that apps could define their own permissions and use
> the Red5 infrastructure to manage / query them.
>
> Example: A chat application could define a permission "Is chat moderator"
> that can be queried by the application like::
>
> ...
> if (!room.checkPermission("Is chat moderator"))
> throw new RuntimeError("You are not a chat moderator.");
>
> moderateChat(room);
> ...
>
> > Which objects need permissions? What permissions do they need?
> > Do we need groups?
>
> Yes, we should support groups as they make managing lots of users much
> easier.
>
> Joachim
>
>
> _______________________________________________
> Red5devs mailing list
> Red5devs at osflash.org
> http://osflash.org/mailman/listinfo/red5devs_osflash.org
>
>
>
>
--
Best Regards
Steven Gong
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://osflash.org/pipermail/red5devs_osflash.org/attachments/20060615/3b65a4f7/attachment.htm
More information about the Red5devs
mailing list