Bottom line on this commit: Do not update the nodetypeXpid_permissions
table by hand anymore! Update the group_policies table and then run the script to update the permissions table (sbin/update_permissions). Details: My original thought when I started this was that I would be able to replace the existing nodetypeXpid_permissions table with this new stuff. Well, it turns out that this was not a good thing to do, for a couple of reasons: * Engineering: We access the nodetypeXpid_permissions table from three different languages, and no way I wanted to rewrite this library in in python and php! * Performance: We access the nodetypeXpid_permissions from the web interface, on every single page load. In fact, we access it twice if if you count the FreePCs() count that we put at the top of the menu. Going through this library on each page load would be a serious drag. So, rather then actually get rid of the nodetypeXpid_permissions table, I decided to keep it as a "cache" of permissions stored in the group policies table. Each time you update the policy tables, we need to run the update_permissions script which will call into this library (see the TBUpdateNodeTypeXpidPermissions() routine) to reconstruct the permissions table. I have whacked the grantnodetype script to do exactly that. Note that we could proably do the same thing for users by creating an equivalent nodetypeXuid_permissions table, mapping users to types they are allowed to use. That would be a lot rows, but the amount of data in the table is small. That would give us very fine grained control of what we show people in the web interface. Not sure it is worth it though. I also added some instructions to previous commit in database-migrate.txt on populating the new group_policies table from the existing permissions table.
Showing with 326 additions and 34 deletions