Skip to content
  • Leigh B. Stoller's avatar
    Bottom line on this commit: Do not update the nodetypeXpid_permissions · 775ca147
    Leigh B. Stoller authored
    table by hand anymore! Update the group_policies table and then run
    the script to update the permissions table (sbin/update_permissions).
    My original thought when I started this was that I would be able to
    replace the existing nodetypeXpid_permissions table with this new
    stuff. Well, it turns out that this was not a good thing to do, for a
    couple of reasons:
      * Engineering: We access the nodetypeXpid_permissions table from three
        different languages, and no way I wanted to rewrite this library in
        in python and php!
      * Performance: We access the nodetypeXpid_permissions from the web
        interface, on every single page load. In fact, we access it twice if
        if you count the FreePCs() count that we put at the top of the menu.
        Going through this library on each page load would be a serious drag.
    So, rather then actually get rid of the nodetypeXpid_permissions table, I
    decided to keep it as a "cache" of permissions stored in the group
    policies table. Each time you update the policy tables, we need to run
    the update_permissions script which will call into this library (see the
    TBUpdateNodeTypeXpidPermissions() routine) to reconstruct the permissions
    table. I have whacked the grantnodetype script to do exactly that.
    Note that we could proably do the same thing for users by creating an
    equivalent nodetypeXuid_permissions table, mapping users to types they
    are allowed to use. That would be a lot rows, but the amount of data in
    the table is small. That would give us very fine grained control of what
    we show people in the web interface. Not sure it is worth it though.
    I also added some instructions to previous commit in database-migrate.txt
    on populating the new group_policies table from the existing
    permissions table.