Menu
▾
▴
Re: [cep-dev] Users and Perms
|
From: Marcus W. <ma...@ph...> - 2004-12-09 19:31:09
|
Jackson Miller wrote: > Ok, I have a fresh cep install on PHP5 up at http://cep.jaxn.org. nice > > Auth doesn't work. I don't know why, though I dug into it for a while > last night. maybe... crappy implementation :) > > I looked at LiveUser too, but... > > I think we should go back to handling it all on our own. I think I am > going to overhaul auth and permissions (it needed it anyway). I am > going to keep all the functionality, but I am going to make it more > object oriented and cache a user object in the session. We can make > the user object configurable ala LocalClasses or something so that > people can use Auth if they want (or LiveUser or OCI, etc). I am > thinking something along the following: Interesting. This is probably wise. These two packages have lots of functionality, but the way they are designed is not ideal. > > CEP_User::doLogin($username, $password); > CEP_User::isAuthenticated(); // may be redundant > CEP_User::getUserID(); > CEP_User::checkGroup($group); > CEP_User::checkPerm($cep_object_id,$level); > CEP_User::doLogout(); > > We can add session hijacking protection later. yup. > It should be pretty easy to retrofit another auth/perm package to work > behind this interface, but I say we just ship our own implementation. > It is important that we control the API for our modules/libraries to > have access. > Also, by putting the CEP_User object in the session, it persists > across requests, reduces the overhead of object creation (object only > created once per session), and gives global access. agreed. Can we get some requirements of the auth package/CEP_User object down before we lockdown the API? Even if the above meets what the requirements end up being? > > -Jackson > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://productguide.itmanagersjournal.com/ > _______________________________________________ > Cep-development mailing list > Cep...@li... > https://lists.sourceforge.net/lists/listinfo/cep-development |
