[nycphp-talk] What UserLogin/Auth mechanism do you use ?
Mark Armendariz
nyphp at enobrev.com
Fri Dec 12 18:30:19 EST 2003
Hmm.. Seems similar to my quickie drawing (consider permissions table as
"Actions" and sections table as "Objects"), which in my mind at least, says
I'm on the right track. I tend to think better in database tables and data
relationships than in objects, I guess.
Thanks for giving it a look!
Mark
-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of felix zaslavskiy
Sent: Friday, December 12, 2003 6:03 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
I read the manual for phpGacl and its interesting stuff.
It seems to be designed to give high grained permissions. Their
administrative interface is hard to figure out.
I am thinking of a simpler Access Control List that is easier to administer.
We will have :
Actions, Objects, Groups , and Users
Each group contains of a list of Actions to Objects mappings. Each mapping
signifies Allow and absence of it signifies Deny.
so for example:
Group Regular User { Read -> Pages }
Group Admin User { Read-> Pages, Modify-> Pages, Delete-> Pages }
This would work well if there is not so many Objects so we tread each module
of the application as an Object.
On Fri, 12 Dec 2003 16:31:32 -0500
"Mark Armendariz" <nyphp at enobrev.com> wrote:
> So here's my thoughts for a permissions system. Don't read below this
> if you're uninterested, but if you do, let me know if I'm on a good
> track or if I'm just plain nuts.
>
> Tables:
>
> users
> -----
> user_id
> group_id // for a userS to group (either or, see below)
> Username, etc...
>
> groups
> ------
> group_id
> parent_id
> group_title
>
> x_users_groups // for userS to groupS (either or, see above)
> --------------
> user_id
> group_id
>
> sections
> --------
> section_id
> section_title
>
> permissions
> -----------
> permission_id
> permission_title [read, write, view, update, delete, etc]
>
> x_group_permissions
> -------------------
> section_id
> group_id
> permission_id
> precedence
>
> user_perms
> ----------
> section_id
> user_id
> perm_id
>
>
>
> Ex. Can_do('news', 'view', $login->get_user_id());
>
> Function Can_do($section, $perm, $user_id) {
>
> // Check user perms if allowed (user perms get top priority) - if
> yes, return true
>
> ...
>
> // Check user group perms if allowed (precedence field sets priority
> in case of multiple groups) - if yes return true
>
> ...
>
> // Loop through groups and check parent(s), if yes, return true
>
> ...
>
> return false
> }
>
>
> That's the very basics I've got in ink.
>
> Mark
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
More information about the talk
mailing list