[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: File attachment API proposal v2



Hi Luke, Chris,

On Sat, Jul 9, 2011 at 10:51 PM, Luke <..hidden..> wrote:
On Sat, 9 Jul 2011, Chris Travers wrote:

> As I am starting into this there are a couple of necessary changes.
>
> The biggest is that rewrite rules are not going to be good ideas here.
> They effectively prevent permissions from being properly enforced on
> the DDL level.  Triggers have the same problem.  Therefore looking at
> requiring modules to have their own stored procs for inserting file
> attachments.
>
> I am not sure what happens with triggers and inheritance and so not
> going down that road, but using rewrite rules only.....
>
> Feedback on this would be appreciated.

Unfortunately, I at least can't provide any.  I do not understand what you
mean by "rewrite rules".

Same here. I assume you mean the CREATE RULE statements, however, I have no experience with them. 
 
All I can suggest, which you've probably already considered, is to push as
much functionality as high as possible, and enforce permissions by shell
procs at the module level.  Keep the main logic above that. 

From a design point not as nice: lots of duplicated procs, but otoh, if it allows "easy" enforcement of authorizations, I'm all for it!

Bye,

Erik.