Add explaination of permissions and defaults to database schema

author: Malf Furious <m@lfurio.us> 2016-10-23 12:51:50 -0400
committer: Malf Furious <m@lfurio.us> 2016-10-23 12:51:50 -0400
commit: d5860479c19e033d09fef9e0c6c6d607f82d26e3 (patch)
tree: f8eaa80a07e882aeefaea51e7fbabebfd192d040 /schema.sql
parent: 129657cef221af3d41b86ddac495ade8195eebce (diff)
download: scrott-d5860479c19e033d09fef9e0c6c6d607f82d26e3.tar.gz
scrott-d5860479c19e033d09fef9e0c6c6d607f82d26e3.zip
1 files changed, 20 insertions, 5 deletions
diff --git a/schema.sql b/schema.sql
index 412c346..968fb38 100644
--- a/schema.sql
+++ b/schema.sql
@@ -72,7 +72,22 @@ CREATE TABLE views (
 /*
  * Base table for Scrott objects
  *
- * TODO -- explain permissions and set defaults below...
+ * Explaination of permissions...
+ * Every object has an owner, zero or more additional members, and then there is the general
+ * public.
+ *                                              OWNER       MEMBERS         PUBLIC
+ * Permissions are:                         ------------------------------------------
+ *      Access object                           GRANTED     GRANTED         config
+ *      Modify object                           GRANTED     config          DENIED
+ *      Modify members                          GRANTED     config          DENIED
+ *      Modify permissions                      GRANTED     DENIED          DENIED
+ *      Access sub-objects                      GRANTED     config          config
+ *      Create sub-objects                      GRANTED     config          config
+ *      Modify sub-objects                      GRANTED     config          DENIED
+ *      Modify sub-objects' members             GRANTED     config          DENIED
+ *      Modify sub-objects' permissions         GRANTED     DENIED          DENIED
+ *
+ * Permissions can be overridden in sub-objects, but will cascade otherwise.
  */
 DROP TABLE IF EXISTS objects;
 CREATE TABLE objects (
@@ -85,10 +100,10 @@ CREATE TABLE objects (
 
     membModify  int(1)              NOT NULL    DEFAULT 0,      /* members can modify object */
     membMemb    int(1)              NOT NULL    DEFAULT 0,      /* members can modify members */
-    membAccs    int(1)              NOT NULL    DEFAULT 0,      /* members can access sub-objects */
-    membCres    int(1)              NOT NULL    DEFAULT 0,      /* members can create sub-objects */
-    membModifys int(1)              NOT NULL    DEFAULT 0,      /* members can modify sub-objects */
-    membMembs   int(1)              NOT NULL    DEFAULT 0,      /* members can modify sub-obj members */
+    membAccs    int(1)              NOT NULL    DEFAULT 1,      /* members can access sub-objects */
+    membCres    int(1)              NOT NULL    DEFAULT 1,      /* members can create sub-objects */
+    membModifys int(1)              NOT NULL    DEFAULT 1,      /* members can modify sub-objects */
+    membMembs   int(1)              NOT NULL    DEFAULT 1,      /* members can modify sub-obj members */
     pubAcc      int(1)              NOT NULL    DEFAULT 0,      /* public can access object */
     pubAccs     int(1)              NOT NULL    DEFAULT 0,      /* public can access sub-objects */
     pubCres     int(1)              NOT NULL    DEFAULT 0,      /* public can create sub-objects */
author	Malf Furious <m@lfurio.us>	2016-10-23 12:51:50 -0400
committer	Malf Furious <m@lfurio.us>	2016-10-23 12:51:50 -0400
commit	d5860479c19e033d09fef9e0c6c6d607f82d26e3 (patch)
tree	f8eaa80a07e882aeefaea51e7fbabebfd192d040 /schema.sql
parent	129657cef221af3d41b86ddac495ade8195eebce (diff)
download	scrott-d5860479c19e033d09fef9e0c6c6d607f82d26e3.tar.gz scrott-d5860479c19e033d09fef9e0c6c6d607f82d26e3.zip