On 9 Jul 2010, at 19:25, Stefan Sobernig wrote:
Has anyone done any code or a framework for managing per-class permissions? Basically a way to do rules describing which other objects, or which roles users must have, in order to call the different methods provided by instances of the class (plus any class procs). This is kind of like an expanded approach to Java style simple permissions (private/protected/public), which of course could also be incorporated into that, if wanted.
Nope, speaking for myself, I have never done anything into this direction. (And never really felt the need for doing so.)
I've been using XOTcl since the 0.8 days and this is also the first time I feel the real need for it :-)
I don't believe in doing very fixed Java style public/protected/private stuff, and that wouldn't suffice for this purpose, but looking at something a bit more flexible. Basically I need strong protections in place. I'm playing around with some ideas and for Scred (which is Python :( ) I may end up implementing something, depending on how it works.
In the upcoming major release, there will be some "access properies" (like the UML2 private, for instance) to manipulate the publicly accessible signature interface of an object whereas these can then still be tweaked (removed or set) through a lower-level API at any time).
Are these really necessary, though? I've never felt even the slightest need for that, and they wouldn't help with what I'm doing anyway. Basically I see the Java access properties as a documentation matter, and should not be seen as a help with security.