Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!newsfeed.xs4all.nl!newsfeed2.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <python-python-list@m.gmane.org>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.002
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'say,': 0.05; 'everybody,': 0.07; 'level,': 0.07; '22,': 0.09; 'app,': 0.09; 'framework.': 0.09; 'permissions': 0.09; 'portions': 0.09; 'read-only': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'sql,': 0.09; 'way:': 0.09; 'python': 0.11; 'volunteer': 0.12; 'assume': 0.14; 'buttons,': 0.16; 'damage.': 0.16; 'fiddle': 0.16; 'python-list,': 0.16; 'python;': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 's/he': 0.16; 'simplified': 0.16; 'simplifies': 0.16; 'subject:program': 0.16; 'subject:user': 0.16; 'unlikely': 0.16; 'utterly': 0.16; 'prevent': 0.16; 'wrote:': 0.18; 'do.': 0.18; 'app': 0.19; 'trying': 0.19; 'options.': 0.19; 'examples': 0.20; '>>>': 0.22; 'admin': 0.22; 'network,': 0.22; 'saying': 0.22; 'header:User-Agent:1': 0.23; 'regardless': 0.24; 'question': 0.24; 'login': 0.25; 'sort': 0.25; 'equivalent': 0.26; 'task': 0.26; 'subject:/': 0.26; 'asking': 0.27; 'header:X-Complaints-To:1': 0.27; 'header:In-Reply-To:1': 0.27; 'idea': 0.28; 'correct': 0.29; 'chris': 0.29; 'am,': 0.29; 'absolute': 0.30; 'database,': 0.30; 'nature': 0.30; "i'm": 0.30; 'easier': 0.31; 'posting': 0.31; 'that.': 0.31; '>>>>': 0.31; 'accidentally': 0.31; 'breaking': 0.31; 'correctly.': 0.31; 'disabled': 0.31; 'explained': 0.31; 'yes.': 0.31; 'probably': 0.32; 'figure': 0.32; 'guess': 0.33; 'level.': 0.33; 'role': 0.34; 'maybe': 0.34; 'could': 0.34; 'received:66': 0.35; 'advice': 0.35; 'knows': 0.35; 'something': 0.35; 'case,': 0.35; 'etc': 0.35; "who's": 0.35; 'but': 0.35; 'really': 0.36; 'idle': 0.36; 'transition': 0.36; 'entry': 0.36; "i'll": 0.36; 'possible': 0.36; 'application': 0.37; 'two': 0.37; 'level': 0.37; 'clear': 0.37; 'system,': 0.38; 'security,': 0.38; 'to:addr:python-list': 0.38; 'issue': 0.38; 'to:addr:python.org': 0.39; 'received:org': 0.40; 'users': 0.40; 'how': 0.40; 'even': 0.60; 'access,': 0.60; 'everybody': 0.60; 'solve': 0.60; 'most': 0.60; 'black': 0.61; 'entire': 0.61; 'matter': 0.61; 'course': 0.61; 'simple': 0.61; "you're": 0.61; 'first': 0.61; "you'll": 0.62; 'soon': 0.63; 'box,': 0.64; 'connecting': 0.64; 'more': 0.64; 'talking': 0.65; 'roles': 0.68; 'limit': 0.70; 'jul': 0.74; 'gain': 0.79; '(probably': 0.84; 'elevated': 0.84; 'monte': 0.84; 'nod': 0.84; 'so...': 0.84; 'staff,': 0.84; 'start.': 0.84; 'subject:Network': 0.84; 'technically': 0.84; 'tie': 0.84
X-Injected-Via-Gmane: http://gmane.org/
To: python-list@python.org
From: memilanuk <memilanuk@gmail.com>
Subject: Re: Network/multi-user program
Date: Wed, 23 Jul 2014 07:14:19 -0700
References: <slrnlsqelq.evp.memilanuk@machin-shin.milanuk.lan> <CAPTjJmqmGEVr8-DApUf5zUt3QpL+9=rOiweyzc0Z9thtBEpO=w@mail.gmail.com> <slrnlsqm8h.evp.memilanuk@machin-shin.milanuk.lan> <CAPTjJmrnXKpXraRbBwY=HjU08V1OQJvEBObToJaPbOpyogid5A@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Gmane-NNTP-Posting-Host: 66.172.107.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
In-Reply-To: <CAPTjJmrnXKpXraRbBwY=HjU08V1OQJvEBObToJaPbOpyogid5A@mail.gmail.com>
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.12242.1406124874.18130.python-list@python.org>
Lines: 67
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1406124874 news.xs4all.nl 2928 [2001:888:2000:d::a6]:50008
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:75087

On 07/21/2014 11:26 AM, Chris Angelico wrote:
> On Tue, Jul 22, 2014 at 4:16 AM, Monte Milanuk <memilanuk@invalid.com> wrote:
>> On 2014-07-21, Chris Angelico <rosuav@gmail.com> wrote:
>>> On Tue, Jul 22, 2014 at 2:07 AM, Monte Milanuk <memilanuk@invalid.com> wrote:
>>>> So I guess I'm asking for advice or simplified examples of how to
>>>> go about connecting a client desktop app to a parent/master desktop app,
>>>> so I can get some idea of how big of a task I'm looking at here, and
>>>> whether that would be more or less difficult than trying to do the
>>>> equivalent job using a web framework.
>>>
>>> Easier way: Don't have a "master desktop app", but instead have a
>>> master database. Since you're posting this to python-list, I'll assume
>>> you currently intend writing this in Python; you can make a really
>>> simple transition from single-user-single-desktop to a networked
>>> system, although of course you'll want to think in terms of multiple
>>> users from the start.
>>
>> So... if everybody is using the same application to access the same
>> database, how would you prevent say, a data entry user from accidentally
>> breaking something above their pay-grade?  Set up some sort of
>> role-based privilege system to limit them to write access for some
>> portions and read-only for others?
>
> That would be one way, yes. The first question you'd need to ask is:
> How do you know who's data-entry and who's admins? As soon as you
> solve that (probably with some sort of login), you tie the access
> level to that.

Given the small user base and the nature of the events, volunteer staff, 
everybody knowing everybody, etc. its pretty much a matter of the match 
admin saying "You, you and you - data entry" ;)

> If you need absolute security, you would have the user enter a login
> and password which would actually be the database credentials. Then
> you grant exact rights in the database manager, permitting ONLY what
> that user is allowed to do. It's then utterly impossible, even for
> someone who knows Python and SQL, to do damage.

Intriguing... and probably the most technically correct way as far as 
role-based access.  But also very unlikely that most of the end-users 
would be able to set up the DB correctly.  Just sayin'...

> But more likely, what
> you really want is a cut-down UI that simplifies things: if the user
> is data-entry level, you take away all the admin-type options. It
> might be possible to fiddle around in internals and gain elevated
> access, but that's not an issue in many environments.

That sounds very much like what I'm thinking of... maybe a token nod @ 
security with a passwd for 'admin' and 'data-entry' roles to keep idle 
passers-by from snooping or diddling with things they shouldn't.  Even 
if it just greyed-out / disabled buttons, tabs, etc. based on role that 
would probably meet needs.

> In any case, these are issues you'd need to figure out regardless of
> the development model. Ultimately, you could treat the entire
> computer, network, database, etc as a black box, and just look at two
> entities: the human, and the UI s/he is using. All permissions issues
> can be explained at that level.

Not really clear on what you're talking about on this part...

Monte