[mambo] Access Control Question
Ryan Ozimek
cozimek at picnet.net
Wed Jul 6 12:38:58 EDT 2005
Hans,
So, if I'm reading this right, these functions you have below can control
front-end access to components, such as those you're developing or adding
to, correct? I'm wondering if anyone has done this on the back-end as well.
It would be great to have some funcs I can drop into our homemade components
that will allow access to the components only if the administrator has the
right level of access in the backend permissions.
Did that make sense?
-Ryan
-----Original Message-----
From: mambo-bounces at lists.nyphp.org [mailto:mambo-bounces at lists.nyphp.org]
On Behalf Of Hans C. Kaspersetz
Sent: Wednesday, July 06, 2005 9:35 AM
To: NYPHP at nyphp.org; SIG at nyphp.org:Mambo
Subject: [mambo] Access Control Question
Over the last week I have been developing a site using components
developed by third parties. One of the biggest problems I have found is
the inconsistent or non-existent support of access controls in
components. Below you will find two functions I pulled from
com_comprofiler. I have been adding these functions to other components
like com_mtree and com_akoForms to control access to them. I am
interested to know if the Mambo core has functions that do what
allowAccess and userGID do? I would like to use Mambo core code and not
access control code placed in each component. I looked through the API
documentation on the Mambo site and nothing jumped out at me.
Also, is there a standard way component developers should implement
access control in their components? Has the Mambo team documented the
recommended implementation?
I regularly find it mind numbing that component developers charge for
incomplete or buggy components. For example, Mosets Tree offers no
access controls to their content. I emailed the developer and he said
that I should not post the link to the content, to control access.
Arrgg....... My one bit of gratitude is that I have to source and can
add access controls if I like and can submit the patches.
Thanks,
Hans
So here is the source:
/*************************************************************
* Mambo Community Builder
* Author MamboJoe
* @ Released under GNU/GPL License : http://www.gnu.org/copyleft/gpl.html
*************************************************************/
function allowAccess( $accessgroupid,$recurse, $usersgroupid, &$acl)
{
// "agroup:".$accessgroupid." ugroupid:".$usersgroupid." recurse
".$recurse;
if ($accessgroupid == -2 || ($accessgroupid == -1 && $usersgroupid
> 0) || $usersgroupid == 17 || $usersgroupid == 23|| $usersgroupid ==
24|| $usersgroupid == 25) {
//grant public access or access to all registered users
return 1;
}
else {
//need to do more checking based on more restrictions
if( $usersgroupid == $accessgroupid ) {
//direct match
return 1;
}
else {
if ($recurse=='RECURSE') {
//check if there are children groups
$groupchildern=array();
$groupchildren=$acl->get_group_children( $accessgroupid,
'ARO', $recurse );
if ( is_array( $groupchildren ) && count( $groupchildren
) > 0) {
if ( in_array($usersgroupid, $groupchildren) ) {
//match
return 1;
}
}
}
}
//deny access
return 0;
}
}
function userGID($oID){
global $database;
if($oID > 0) {
$query = "SELECT gid FROM #__users WHERE id = '".$oID."'";
$database->setQuery($query);
$gid = $database->loadResult();
return $gid;
}
else return 0;
}
_______________________________________________
New to Mambo? Get a great start here:
http://forum.mamboserver.com/showthread.php?t=42100
New York PHP SIG: Mambo Mailing List
AMP Technology
Supporting Apache, MySQL, PHP & Mambo!
http://lists.nyphp.org/mailman/listinfo/mambo
http://www.nyphp.org
More information about the Joomla
mailing list