Menu
▾
▴
[cep-dev] Users and Perms
|
From: Jackson M. <jm...@ma...> - 2004-12-09 17:23:54
|
Ok, I have a fresh cep install on PHP5 up at http://cep.jaxn.org. Auth doesn't work. I don't know why, though I dug into it for a while last night. I looked at LiveUser too, but... I think we should go back to handling it all on our own. I think I am going to overhaul auth and permissions (it needed it anyway). I am going to keep all the functionality, but I am going to make it more object oriented and cache a user object in the session. We can make the user object configurable ala LocalClasses or something so that people can use Auth if they want (or LiveUser or OCI, etc). I am thinking something along the following: CEP_User::doLogin($username, $password); CEP_User::isAuthenticated(); // may be redundant CEP_User::getUserID(); CEP_User::checkGroup($group); CEP_User::checkPerm($cep_object_id,$level); CEP_User::doLogout(); We can add session hijacking protection later. It should be pretty easy to retrofit another auth/perm package to work behind this interface, but I say we just ship our own implementation. It is important that we control the API for our modules/libraries to have access. Also, by putting the CEP_User object in the session, it persists across requests, reduces the overhead of object creation (object only created once per session), and gives global access. -Jackson |
