From: Demian K. <dem...@vi...> - 2012-07-05 14:04:16
> This looks like a misunderstanding. I didn't argue for a complete rewrite from
> scratch but simply to solve the problem of access control first and worry
> about JSON later.

Ahh, okay, that makes sense. Essentially there are two refactoring projects to consider: more standardized access control, and better use of AJAX. We should tackle access control first because it may simplify the AJAX piece.

> Why is email a special case? Isn't it yet another action of the application
> that requires authentication?

The special case is the nature of the authentication. VuFind users are used to sending emails without logging in. I think we need to retain that feature, at least as a configurable option, while adding some better protection against spammers (i.e. CAPTCHA integration). If we have different types of authentication for different types of actions, it's more than a binary "is authenticated / is not authenticated" system at some level.

> I took a look into the ZF2 ACL classes and think we would need something like an
> AccessControlManager that hooks into the pre-dispatch event and uses rules to
> match a route and reroutes to the login page if necessary.
>
> To get things started we can start with a hardcoded map of
> MyResearch/* and then think about a way to encode rules. To do this I
> volunteer to look into the Yii Framework's access control implementation.

Thanks for looking into this. I haven't gotten as far as dealing with access control in 2.0 beta yet, though that's probably coming soon. The 2.0alpha approach involves using methods in the abstract base controller that all VuFind controllers extend. I'll probably port this forward as long as it doesn't require excessive reworking to maintain functionality. That's something that can be easily refactored to better use framework features, since it's just a matter of searching for calls to the authentication methods and replacing them with the necessary framework configuration.

Probably the biggest challenge from a technical perspective is maintaining the user's context before login and ensuring that they get redirected back to the correct place after successfully authenticating. This was horrendously complicated in the 1.x code. It is much simpler in the 2.0 code, but we'll have to review all the details to be sure nothing breaks if we switch to a more generic approach. This is obviously a common problem, so I'm confident there is a standard solution -- we just need to be sure there aren't any ugly details in the current VuFind code that make adaptation difficult.

- Demian
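An added sketch (not VuFind's or ZF2's own code) of the two pieces discussed in this message: a rule map consulted before dispatch, with the email action as the non-binary case, and a check on the "return to where I was" path so the post-login redirect cannot be turned into an open redirect. The class name, route strings and requirement levels are assumptions.

```php
<?php
// Added sketch, not VuFind code: a rule map in the spirit of the
// "hardcoded map of MyResearch/*" idea, plus a safe post-login return path.
// Class name, route strings and the requirement levels are assumptions.
class AccessRules
{
    /** Ordered rules: the first glob matching "Controller/Action" wins. */
    private array $rules = [
        ['pattern' => 'MyResearch/*', 'requires' => 'authenticated'],
        ['pattern' => 'Record/Email', 'requires' => 'captcha'], // email without login
        ['pattern' => '*',            'requires' => 'anonymous'],
    ];

    /** Requirement level for a route such as "MyResearch/Favorites". */
    public function requirementFor(string $route): string
    {
        foreach ($this->rules as $rule) {
            if (fnmatch($rule['pattern'], $route)) {
                return $rule['requires'];
            }
        }
        return 'authenticated'; // fail closed if no rule matched
    }

    /**
     * What a pre-dispatch hook should do: null to let the action run,
     * otherwise the URL to redirect to. Flags come from the session.
     */
    public function decide(string $route, bool $loggedIn, bool $captchaOk): ?string
    {
        $return = '?return=' . rawurlencode('/' . $route);
        switch ($this->requirementFor($route)) {
            case 'authenticated':
                return $loggedIn ? null : '/MyResearch/Login' . $return;
            case 'captcha':
                return ($loggedIn || $captchaOk) ? null : '/Captcha' . $return;
            default:
                return null;
        }
    }
}
/** Accept only a site-relative path as the post-login destination, so the
 *  "return" parameter cannot be turned into an open redirect. */
function safeReturnPath(?string $candidate, string $fallback = '/MyResearch/Home'): string
{
    // must start with a single "/" (not "//" or "/\", which browsers treat as host-relative)
    return ($candidate !== null && preg_match('#^/(?![/\\\\])#', $candidate))
        ? $candidate : $fallback;
}
```

With these rules, `decide('MyResearch/Favorites', false, false)` yields a login redirect carrying the original path, while `decide('Record/Email', false, true)` returns null and lets the anonymous email action run.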