RE: [Phplib-users] handle perm in auth
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
RE: [Phplib-users] handle perm in auth
|
From: Daniel B. <bo...@io...> - 2002-10-10 00:37:44
|
what is wrong with $perm->have_perm() on your page? http://www.sanisoft.com/phplib/manual/permissionsMethods.php On Wed, 2002-10-09 at 17:18, Rob Hutton wrote: > WARNING FEATURE REQUEST FEATURE REQUEST!!!!!! > > Gian, > I have seen several apps lately (especially content management apps) that > require different perms per page. I was going to suggest a perm extension > something like page_open('perms' => 'perPagePerms('identifier')); that > would set permissions on a per page or module or whatever basis. Can you > have that done by tomarrow? ;-) > > Rob Hutton > Web Safe > www.wsafe.com > > ********************************************************************** > > Introducing Symantec Client Security - Integrated Anti-Virus, > Firewall, and Intrusion Detection for the Client. > > Learn more: > http://enterprisesecurity.symantec.com/symes238.cfm?JID=2&PID=11624271 > > View our Symantec Client Security Demo: > http://enterprisesecurity.symantec.com/symes238.cfm?JID=3&PID=11624271 > > Download the Symantec Client Security Fact Sheet: > http://enterprisesecurity.symantec.com/symes238.cfm?JID=4&PID=11624271 > > Download the Symantec Client Security Brochure: > http://enterprisesecurity.symantec.com/symes238.cfm?JID=5&PID=11624271 > > > > -----Original Message----- > > From: php...@li... > > [mailto:php...@li...]On Behalf Of Giancarlo > > Sent: Wednesday, October 09, 2002 7:42 PM > > To: phplib-users > > Subject: [Phplib-users] handle perm in auth > > > > > > you know, the perm stuff was added later to phplib. And there are > > in fatc two > > ways of working with phplib: auth check is dome at the obj start, > > perm has to > > be checked in the page eventually. auth is start-checked, perm has to be > > post-checked. > > > > So imagine the possibility of handling perm->has_the_moon within your > > extended auth class methods... It is an alternative anyway, > > something that > > with the new design becomes possible. > > > > I propose you these two pieces, one of the actual page.inc > > (snapshot), and > > the other of tomorrow's. There is infact no difference in the > > flow, just a > > lot of development doors open, eg by extending the lifetime > > concept from an > > unique general value, to something related to the permissions. > > Ofcourse, we could also add a new $perm->check_expire functionality, and > > place it everywhere needed, but...the auth[exp] is broken logic > > also, because > > it doesn't tell us the expire that was calculated on, and this > > new snapshot > > coming out is ready for this new fubctionality. > > > > With this I think the circle is really closed, and I am surprised > > myself how > > many things went right and how this all in fact changes nothing > > in the usual > > usage. > > > > Maybe an interesting discussion. > > > > Will work on this, thanks all > > > > Gian > > > > > > > > <snip> > > I attach you a page inc that perfectly works with the latest snapshot. > > > > The revolution is that the perm object can be started before the > > auth object > > is started, even though after it has been instantiated. > > This is perfectly functional, an allows further, optional, > > development and > > usage > > I attach a commented version of a part of it. I'd wait for this, > > although it > > has no practical differences but just opens doors. > > > > I hope I am not getting a crab with this.. > > > > > > ----------old (snapshot) page.inc-------------------------------- > > # the auth feature depends on sess > > if (isset($feature["auth"])) { > > global $auth; > > > > if (!is_object($auth)) { > > $auth = new $feature["auth"]; > > } > > $auth->start(); > > #################################################### > > ## start does not rely on the perm obj anyway > > ## start does not set any of his auth[perm] values, except, > > ## if not authed, start() will clear his auth[perm], > > splash and exit > > ## this is the only action of auth on its own auth[perm] > > #################################################### > > # the perm feature depends on auth and sess > > if (isset($feature["perm"])) { > > global $perm; > > > > if (!is_object($perm)) { > > $perm = new $feature["perm"]; > > } > > } > > > > # the user feature depends on auth and sess > > ... > > > > ---------new page.inc------------------------------------------------ > > > > # the auth feature depends on sess > > if (isset($feature["auth"])) { > > global $auth; > > if (is_object($auth)) > > $auth= $auth->check_feature($feature["auth"]); > > else > > $auth = new $feature["auth"]; > > > > ######################################### > > # the perm object is started if requested > > ######################################### > > # the perm feature depends on auth and sess > > if (isset($feature["perm"])) { > > global $perm; > > > > if (!is_object($perm)) { > > $perm = new $feature["perm"]; > > } > > } > > > > #################################################### > > ## start does not rely on the perm obj > > ## start does not set anyof his auth[perm] values, except, > > ## if not authed, start() will clear his auth[perm], > > splash and exit > > ## this is the only action of auth on its own auth[perm] > > #################################################### > > ## ***** BUT WE CAN CHECK STUFF FROM PERM, > > ## eg assign different auth->lifetime for different perms ****** > > ## ***** in is_authenticated/check_expire > > ######################################################## > > > > if (!$auth->start() ) { ### user is not authenticated, nobody > > if (!$auth->nobody) { ### page cannot be seen by > > unauthed users > > page_showform(); ### splash the form > > $sess->freeze(); ### save state > > exit; > > } > > } > > > > # the user feature depends on auth and sess > > ... > > > > > > > > ------------------------------------------------------- > > This sf.net email is sponsored by:ThinkGeek > > Welcome to geek heaven. > > http://thinkgeek.com/sf > > _______________________________________________ > > Phplib-users mailing list > > Php...@li... > > https://lists.sourceforge.net/lists/listinfo/phplib-users > > > > > > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users |
