[development] Deleting Cached Permissions

David Metzler metzlerd at metzlerd.com
Tue Aug 28 03:04:57 UTC 2007


I just noticed that chx marked this issue as won't fix.  As one o the  
contrib users who continually bumps up against this permissions  
caching issue, can we hear about alternatives? This isn't just about  
per page security, but also a barrier to any dynamic role based  
system.  Including LDAP Groups and others.

If we really want barriers against programatic control of roles, then  
how should Ron implement this?   Can anyone suggest a way to deal  
with this problem?

Can we agree that implementing value based security for "Add" events  
is a good thing and get on to suggesting a solution to the problem?

Dave
On Aug 25, 2007, at 1:52 AM, Gerhard Killesreiter wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> David Metzler schrieb:
>> The permissions (user roles) are being altered temporarily.  The  
>> reasons
>> are documented in the issue Ron has referenced.
>
> I've said it once and I say it again since apparently nobody noticed:
>
> Temporarily changing user roles (per page request) is (currently)
> unsupported by Drupal.
>
> I'd even argue that it shouldn't be supported and that what Ron is  
> doing
> should be achieved in another way.
>
> Cheers,
> 	Gerhard
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFGz9tkfg6TFvELooQRAu7yAKCHUg0KbF+Aj0l5VsE4Nmn6cTUTmgCgo39m
> G+VDt5ihnhiN7eEGKXg9lX8=
> =llJu
> -----END PGP SIGNATURE-----
>



More information about the development mailing list