RE: [Phplib-users] Giancarlo Pinerolo (pingus) auth patch
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
RE: [Phplib-users] Giancarlo Pinerolo (pingus) auth patch
|
From: Layne W. <la...@if...> - 2002-06-06 23:53:55
|
> Layne Weathers wrote: > > > > > The perm->check feature I have to fix, to return > > > true/false instead of showing perminvalid (which was > > > absurd anyway, you'd want a login/register form instead) > > > > You don't have to 'fix' anything. That's exactly what > > $perm->have_perm() does. $perm->check() is a shortcut to test > > and then show perminvalid if have_perm() failed. > > > > No, it isn't absurd. The login/register form should be > > there if no valid $auth is in place. The perminvalid makes > > perfect sense if the user is already logged in and does not > > have permission to access the page. I assume that each user > > has only one user account, > > You can be wrong here I think I can deal with being wrong. However, even if users have multiple accounts, I believe there is a difference between the login/register page and the perminvalid page that explains the lack of permission and suggests that the user login at a higher level in the provided login form. To my mind, the person who is logged in already needs to see why they can't access the page. In your multiple accounts scenario, the person logging in for the first time might very well want to see what perms are necessary to use the page so they can login at the correct level. In your scenario the two pages are very similar, but in my scenario they aren't. In the end, I'm happy as long as I can get the functionality I want without entirely rewriting the class(es). Layne Weathers Ifworld Inc. |
