i have been searching for some authorization libraries so that i do not reinvent the wheel. i have common kind of entities as most applications have.
the following are there
1. objects
2. different actions that can be perfomed on those objects
3. users
4. groups
a common complex condition may be
an owner can only edit an article but anyone can view an article.
or they may be silly multiple custom checks to be perfomed before action is allowed on an object.
i did go through Zend_Acl but it seems to be simple, jus resource -> group mapping. I was going through PEAR, there is one called LiveUser_Admin but it does not have any good end user documentation.
you guys aware of any reliable authorization library around?
thanks.
Authorization libraries
Moderator: General Moderators
- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
- Contact:
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Authorization libraries
Have you used it?arborint wrote:phpGACL?
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Authorization libraries
Yes. It was fairly straightforward to use as I recall. It uses ADOdb which may be a limitation. My project did ... so that simplified things.
(#10850)
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: Authorization libraries
I've looked at both phpGACL and Zend_Acl (as we speak). I have even sat down and considered the best way to solve the problem, but could never convince myself of it's worth while.
I don't get it. Why not just setup a simple table with permission bits for each action (Create User, Remove User, Update User, etc) and store the table in an array/object/etc and check the bits with an IF statement -- which is what you have to do anyways I think.
Seems Zend_Acl wants to restrict access at an object level. I have never required such exacting control, it's more about page requests and actions.
You could easily wrap permission bits up into groups or roles even, so I fail to see the purpose of these libraries.
Anyone care to share their experiences? What am I missing?
I don't get it. Why not just setup a simple table with permission bits for each action (Create User, Remove User, Update User, etc) and store the table in an array/object/etc and check the bits with an IF statement -- which is what you have to do anyways I think.
Seems Zend_Acl wants to restrict access at an object level. I have never required such exacting control, it's more about page requests and actions.
You could easily wrap permission bits up into groups or roles even, so I fail to see the purpose of these libraries.
Anyone care to share their experiences? What am I missing?
Re: Authorization libraries
I use this solution:
viewtopic.php?f=50&t=81792
So, my roles permissions are defined for each controller object/method.
viewtopic.php?f=50&t=81792
So, my roles permissions are defined for each controller object/method.
There are 10 types of people in this world, those who understand binary and those who don't