1. 25 Jan, 2005 1 commit
  2. 24 Jan, 2005 1 commit
    • Leigh Stoller's avatar
      Bottom line on this commit: Do not update the nodetypeXpid_permissions · 775ca147
      Leigh Stoller authored
      table by hand anymore! Update the group_policies table and then run
      the script to update the permissions table (sbin/update_permissions).
      
      Details:
      
      My original thought when I started this was that I would be able to
      replace the existing nodetypeXpid_permissions table with this new
      stuff. Well, it turns out that this was not a good thing to do, for a
      couple of reasons:
      
        * Engineering: We access the nodetypeXpid_permissions table from three
          different languages, and no way I wanted to rewrite this library in
          in python and php!
      
        * Performance: We access the nodetypeXpid_permissions from the web
          interface, on every single page load. In fact, we access it twice if
          if you count the FreePCs() count that we put at the top of the menu.
          Going through this library on each page load would be a serious drag.
      
      So, rather then actually get rid of the nodetypeXpid_permissions table, I
      decided to keep it as a "cache" of permissions stored in the group
      policies table. Each time you update the policy tables, we need to run
      the update_permissions script which will call into this library (see the
      TBUpdateNodeTypeXpidPermissions() routine) to reconstruct the permissions
      table. I have whacked the grantnodetype script to do exactly that.
      
      Note that we could proably do the same thing for users by creating an
      equivalent nodetypeXuid_permissions table, mapping users to types they
      are allowed to use. That would be a lot rows, but the amount of data in
      the table is small. That would give us very fine grained control of what
      we show people in the web interface. Not sure it is worth it though.
      
      I also added some instructions to previous commit in database-migrate.txt
      on populating the new group_policies table from the existing
      permissions table.
      775ca147
  3. 05 Dec, 2003 1 commit
    • Leigh Stoller's avatar
      Move setting the node permission table for a project from the web · 4931fecf
      Leigh Stoller authored
      interface to the backend. mkproj now looks at the pcremote_ok set
      and makes the proper calls to grantnodetype. This reduces the amount
      of hardwired goo in the web interface.
      
      Still, there is a bit of hardwired stuff in mkproj. At present we do
      not form a relationship between a phys node type and the types we
      assign to the virtual nodes. Thats is, nothing says that a pcplabphys
      implies the right to use pcplabinet, etc. With only 3 remote phys
      types, I just hardwired it into mkproj calling grantnodetype with type
      pcplab (the class for the virtnodes) for pcplabphys. Same for pcron
      and pcwa, (both get pcvwa). Ultimately we need a better type system.
      In general the type system is pretty screwy.
      4931fecf
  4. 04 Dec, 2003 1 commit
    • Leigh Stoller's avatar
      New script. · f06d9a59
      Leigh Stoller authored
      Grant permission to use types/class of nodes. If given a specific
      "type", then grant permission to use just that type. If its a class, then
      permission to use all of the types in that class, the class itself, and any
      aux nodetypes for the type/class (node_types_auxtypes table).
      
      For example:
      
      	wap grantnodetype -p testbed pc2000
      	wap grantnodetype -p testbed pcvm
      	wap grantnodetype -p testbed pcplab
      f06d9a59