Posted: Sat Jul 01, 2006 10:39 pm
Aha. That's sounds pretty cool and convenient.
Have you considered implenting filesystem style permissions?
Have you considered implenting filesystem style permissions?
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Ding! It's striking how often people just say "CHMOD it 777" and don't explain its implications.Yeah, but my past efforts with using that type haven't been met with very good results. They are somewhat difficult to use properly. Easy to use, but difficult to use properly.
Thank god that Dreamhost doesn't force you to do that for your scripts! "Yes, I want you to rape me, drive it in really deep!" However I found that if you want to restrict the browser, you have to use 754, which seems to work for me at least. Or you could just place it underneath the public web folder.Ambush Commander wrote:Ding! It's striking how often people just say "CHMOD it 777" and don't explain its implications.
Yeah, that is a really good idea. My current design only allows for one role (either level or role) and one PermissionAuthorizer. I want to allow for a way to use multiple ones. Perhaps have an array for the role for when more than two are added. My prediction however is that I doubt anyone is going to use more than one role and one permission for most projects.Ambush Commander wrote:If you're mixing up permissions and roles (which sounds like a great idea, by the way), you really should have a generic Authorizer that can be composed of PermissionAuthorizer or RoleAuthorizer or both. That way, the functionality is encapsulated and reused.
Code: Select all
/**
* @param string $username if empty then session is tried instead, else set else $user will be anonymous and could
* be restricted even when signed in.
*/
$authorization = new AuthTools_Authorize_RoleAuthorizer([$username]); // implements AuthTools_Authorize_iAccessAuthorizer
$authorization->setPageName($pageName);
/**
* Retrieves page from database and checks to see if username has the correct role to access page.
*/
if($authorization->isAuthorized() === false) {
die("You don't have access here!");
}
/**
* Checks to see if user has permissions at or above required to preform function.
*/
if($authorization->hasAccess($requiredRole) === true) {
// Perform action
}Code: Select all
$actionACL = new AuthTools_Authorize_ActionPermission([$username]);
// implements AuthTools_Authorize_iPermissionAuthorizer
if($actionACL->hasPermission($actionName) === true) {
// Preform Action
}Well, actually I was having trouble with the post-commit hook, and I couldn't get dhapache into my group, so I was forced to chmod the entire live/ checkout of authtools 777.Thank god that Dreamhost doesn't force you to do that for your scripts!
Well, in the filesystem world, execute is very interesting special case, because anything that is out there, if you can read, you can execute, just make a copy.Nah, I mean more to the effect of a three tier or point Permission: such as Read (Access), Write (Edit), Execute (Update). The read permission is set up for whether the user or group can access the page in the first place. The write is whether the person can edit any fields. The execute is what I have a problem with, it should probably be whether the person can edit another person's fields. For example, delete another's post. I don't know, I would rather have two permissions and combine the write and excute. If you provide any clearification on the uses of having three There is a difference between the two, but I have difficultly figuring out how to use both Write and Execute correctly. The Read is easy, unless I'm getting that mixed up also.
Really? I didn't have to do that with my post-commit hook. Are you using a Perl Script, Shell Script, or PHP script to do it? I just used the svn export to the folder. Of course, I was using a compiled version of Subversion, but it shouldn't matter.Ambush Commander wrote:Well, actually I was having trouble with the post-commit hook, and I couldn't get dhapache into my group, so I was forced to chmod the entire live/ checkout of authtools 777. :-(Thank god that Dreamhost doesn't force you to do that for your scripts!
Code: Select all
$form = new AuthTools_Form();
// Validates against Sign In Form Key => Value Pairs.
if($form->validateSignIn() == true)
{
$form->setSession();
// AuthTools_SessionHandler::SetSession();
// Or whatever the final method for setting the session is.
} else {
$form->redirect($locationToRedirect);
}
// Validates against Register Form
if($form->validateRegister() == true)
{
// Add User to Table Not part of AuthTools.
} else {
$form->redirect($locationToRedirect);
}
// Configuration for settings, else it will use the default settings.
// Will use the added class before checking for the default class existance.
$form->changeSettings(AuthTools_Form_iAdapter $plugin);