mRFC 0044: (Mjölnir) MgdSchema ACLs
Introduction
The idea is to allow component developers to specify more fine-grained access control that works at the gObject level. These controls can be set per property, both in the MgdSchema XML file and at the API level.
Controls
Read
Whether the property can be read. This can be used for write-only properties at the MgdSchema level (passwords etc.) or to restrict access to private data when access to the whole object should not be restricted (for example, disallow reading the event title but allow reading the dates).
Write
Whether the property can be written to. If the user does not have write privileges for the object, we can flag all properties as not writable and gain an extra layer of safety.
MgdSchema level
At the MgdSchema level two new parameters are added to the property, "read" and "write"; both default to "true".
API Level
Here we can change a true to false but not vice versa, i.e. we can add additional restrictions but not remove existing ones. These are added per object instance, for example using the following syntax:
$object->add_acl('property', 'write', false);
Trying to change an existing ACL setting from false to true will throw an exception.
Use cases
Private events
We get a signal that an 'event' object is being instantiated and we see that this event has its 'private' property set to true but the current user is not the creator of the event, so we deny read on the event title and on any other properties we consider to contain private data.
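As an added example (not part of this RFC or of Midgard's code), a hypothetical PHP class showing the schema-level defaults, the tighten-only add_acl() rule from the API level section and the private-events check above; the class, method and property names other than add_acl() and the 'read'/'write' control names are assumed:

```php
<?php
// Added illustration of the add_acl() semantics in this RFC, not Midgard's own code;
// names other than add_acl() and the 'read'/'write' control names are assumed.
class AclViolationException extends Exception {}
class AclObject
{
    private array $acl = [];   // property => ['read' => bool, 'write' => bool]
    private array $data;
    // Schema level: read and write default to true; $schema maps each property
    // name to optional 'read'/'write' overrides taken from the MgdSchema XML.
    public function __construct(array $schema, array $data)
    {
        foreach ($schema as $property => $flags) {
            $this->acl[$property] = ['read' => $flags['read'] ?? true, 'write' => $flags['write'] ?? true];
        }
        $this->data = $data;
    }
    // API level: a control may only go from true to false on this instance.
    // Turning an existing false back to true throws, as the RFC specifies.
    public function add_acl(string $property, string $control, bool $allowed): void
    {
        if (!isset($this->acl[$property][$control])) {
            throw new InvalidArgumentException("Unknown ACL: $property/$control");
        }
        if ($allowed && !$this->acl[$property][$control]) {
            throw new AclViolationException("Cannot re-enable $control on $property");
        }
        $this->acl[$property][$control] = $allowed;
    }
    public function get(string $property)
    {
        if (empty($this->acl[$property]['read'])) {
            throw new AclViolationException("Read denied on $property");
        }
        return $this->data[$property] ?? null;
    }
}
// Private-events use case with constructed sample data: a non-creator loses read
// access to the title at instantiation time, while the start date stays readable.
$event = new AclObject(
    ['title' => [], 'start' => [], 'private' => [], 'creator' => []],
    ['title' => 'Board meeting', 'start' => '2024-01-01', 'private' => true, 'creator' => 'alice']
);
$currentUser = 'bob';
if ($event->get('private') && $event->get('creator') !== $currentUser) {
    $event->add_acl('title', 'read', false);
}
echo $event->get('start'), "\n";
try { $event->get('title'); } catch (AclViolationException $e) { echo $e->getMessage(), "\n"; }
try { $event->add_acl('title', 'read', true); } catch (AclViolationException $e) { echo $e->getMessage(), "\n"; }
```

The last two statements show the two denials the RFC calls for: reading the restricted title, and attempting to relax an ACL back from false to true.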
