[development] Deleting Cached Permissions
David Metzler
metzlerd at metzlerd.com
Tue Aug 28 03:04:57 UTC 2007
I just noticed that chx marked this issue as won't fix. As one o the
contrib users who continually bumps up against this permissions
caching issue, can we hear about alternatives? This isn't just about
per page security, but also a barrier to any dynamic role based
system. Including LDAP Groups and others.
If we really want barriers against programatic control of roles, then
how should Ron implement this? Can anyone suggest a way to deal
with this problem?
Can we agree that implementing value based security for "Add" events
is a good thing and get on to suggesting a solution to the problem?
Dave
On Aug 25, 2007, at 1:52 AM, Gerhard Killesreiter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> David Metzler schrieb:
>> The permissions (user roles) are being altered temporarily. The
>> reasons
>> are documented in the issue Ron has referenced.
>
> I've said it once and I say it again since apparently nobody noticed:
>
> Temporarily changing user roles (per page request) is (currently)
> unsupported by Drupal.
>
> I'd even argue that it shouldn't be supported and that what Ron is
> doing
> should be achieved in another way.
>
> Cheers,
> Gerhard
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFGz9tkfg6TFvELooQRAu7yAKCHUg0KbF+Aj0l5VsE4Nmn6cTUTmgCgo39m
> G+VDt5ihnhiN7eEGKXg9lX8=
> =llJu
> -----END PGP SIGNATURE-----
>
More information about the development
mailing list