[rt-users] RT: Essentials -- ToDo example

Todd Chapman todd at chaka.net
Thu Oct 27 11:41:01 EDT 2005


On Thu, Oct 27, 2005 at 11:01:30AM -0400, Jay R. Ashworth wrote:
> On Wed, Oct 26, 2005 at 03:52:03PM -0400, Todd Chapman wrote:
> > Soon I will be making the first public release of RTx::RightMatrix.
> > This RT extension makes it really easy to see all the rights a
> > user, group, or role has. You can then click on a right and see
> > all the different was that the user/group/role was granted that right.
> 
> Woo, and likewise hoo!
> 
> How hard would it be to extend that into something like a debug mode,
> where the system could log *which* path of rights permitted something
> when it's done?  Or does it already log that?
> 

When Principal::HasRight is called, many strange and wonderous
things happen. To over simplify it, some fancy SQl queries are
built that are essentially:

  select count(id) from ACL where <all the ways the user might have the right>

So HasRight does not trigger on a spscific right, but by the
existence of one or more Acces Control Entries that would satisfy
the criteria.

My extension, (which is avaliable now in subversion) will help you
figure out after the fact how the user was able to do <something>.

-Todd



More information about the rt-users mailing list