next up previous contents
Next: Specifying constraints for the Up: Grouping access rights Previous: Grouping roles   Contents


Grouping groups

The groups can be also assigned to the other groups. This can be done only if the content of the group to which we want to add new group is defined as "Groups" and the types of the groups are the same. The relations beetwen the groups are kept in the separate database table (see section 1.13, figure 1.5): AR_Group_Groups) where we define the group_id from higher level (parent) and group_id from lower level (child). In this table the unique key is defined on both of the columns. The important rules are that the group can not be ascended to itself and also that there is no possibility to create the same combination of groups but with different order of columns (the group ids changed beetwen the columns).
If we want to add the group to the other group, we have to be in right with the condition presented above. Then we have to check the group constraints (checking that the new child group can cooperate with the other already defined child groups). This constraints are stored in the same table where the constraints for the assigning user to the groups are defined (AR_Group_Constraints - Table 1.4). The difference is only in the relation type, her it is defined as "group-group".

In this case the algorithm takes from the parent group the current list of its child groups. The existing children are set together one by one with the new child. Each couple of values is used as a condition for the WHERE clause in the following SQL statement:

SELECT group_cons_id FROM ar_group_constraints WHERE ((group1_cons_id='existing_child_group' and group2_cons_id='new_child_group') or (group1_cons_id='new_child_group' and group2_cons_id='existing_child_group')) and (group_cons_type='group-group-cons')

For each couple of role values one SELECT is executed. When all combination are positively verified (no results for each combination) then new child group can be appraised to the parent group. If there is a result for some union then this means that some constraints are defined and new group can not be added. The algorithm is not stooped in this point and it just go through the all combinations. All results are collected and then they are showed to the administrator. The administrator has clear picture which existing groups are in the conflict with the new child group.


next up previous contents
Next: Specifying constraints for the Up: Grouping access rights Previous: Grouping roles   Contents
Marek Imialek 2006-06-22