NYPHP.org

[nycphp-talk] What UserLogin/Auth mechanism do you use ?

felix zaslavskiy felix at students.poly.edu
Fri Dec 12 18:03:06 EST 2003


I read the manual for phpGacl and it's interesting stuff.
It seems to be designed to give high grained permissions. Their administrative interface is hard to figure out.


I am thinking of a simpler Access Control List that is easier to administer.
We will have:
Actions, Objects, Groups, and Users
Each group contains a list of Actions to Objects mappings. Each mapping signifies Allow and absence of it signifies Deny.
so for example:
Group Regular User { Read -> Pages }
Group Admin User { Read-> Pages, Modify-> Pages, Delete-> Pages }

This would work well if there are not so many Objects, so we treat each module of the application as an Object.
 

On Fri, 12 Dec 2003 16:31:32 -0500
"Mark Armendariz" <nyphp at enobrev.com> wrote:

> So here's my thoughts for a permissions system.  Don't read below this if
> you're uninterested, but if you do, let me know if I'm on a good track or if
> I'm just plain nuts.
> 
> Tables:
> 
> users
> -----
> user_id
> group_id		// for a userS to group (either or, see below)
> Username, etc...
> 
> groups
> ------
> group_id
> parent_id
> group_title
> 
> x_users_groups	// for userS to groupS (either or, see above)
> --------------
> user_id
> group_id
> 
> sections
> --------
> section_id
> section_title
> 
> permissions
> -----------
> permission_id
> permission_title [read, write, view, update, delete, etc]
> 
> x_group_permissions
> -------------------
> section_id
> group_id
> permission_id
> precedence
> 
> user_perms
> ----------
> section_id
> user_id
> perm_id
> 
> 
> 
> Ex. Can_do('news', 'view', $login->get_user_id());
> 
> Function Can_do($section, $perm, $user_id) {
> 	
> 	// Check user perms if allowed (user perms get top priority) - if yes, return true
> 
> 	...
> 
> 	// Check user group perms if allowed (precedence field sets priority in case of multiple groups) - if yes return true
> 
> 	...
> 
> 	// Loop through groups and check parent(s), if yes, return true
> 
> 	...
> 
> 	return false;
> }
> 
> 	
> That's the very basics I've got in ink.
> 
> Mark
> 
> 
> 
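
Added example, not code from either poster: a deny-by-default check that combines the two ideas in this message, the Allow-only group mappings (absence means Deny) and the Can_do() lookup order (per-user grants, then groups, then parent groups). Assumptions: in-memory arrays stand in for the tables, the helper allows() and the sample users and groups are constructed for illustration, a group inherits its parent's grants, and the syntax targets PHP 7 or later.

```php
<?php
// Constructed sample data (not from the thread). Groups hold action => objects
// mappings; a listed pair means Allow, anything absent means Deny.
$groups = [
    'regular' => ['parent' => null,      'allow' => ['read' => ['pages']]],
    'admin'   => ['parent' => 'regular', 'allow' => ['modify' => ['pages'], 'delete' => ['pages']]],
];
$users = [
    1 => ['groups' => ['regular'], 'allow' => []],
    2 => ['groups' => ['admin'],   'allow' => []],
    3 => ['groups' => [],          'allow' => ['read' => ['news']]], // per-user grant
];

// Hypothetical helper: true only if the exact action/object pair is listed.
function allows(array $map, string $action, string $object): bool
{
    return in_array($object, $map[$action] ?? [], true);
}

function can_do(string $object, string $action, int $userId, array $users, array $groups): bool
{
    if (!isset($users[$userId])) {
        return false;                       // unknown user: deny
    }
    // 1. Per-user grants are checked first.
    if (allows($users[$userId]['allow'], $action, $object)) {
        return true;
    }
    // 2. Then each group, walking up the parent chain.
    $seen = [];
    foreach ($users[$userId]['groups'] as $gid) {
        while ($gid !== null && isset($groups[$gid]) && !isset($seen[$gid])) {
            $seen[$gid] = true;             // guards against a parent_id loop
            if (allows($groups[$gid]['allow'], $action, $object)) {
                return true;
            }
            $gid = $groups[$gid]['parent'];
        }
    }
    return false;                           // no mapping found: deny
}

var_dump(can_do('pages', 'read',   1, $users, $groups)); // regular user, direct group mapping
var_dump(can_do('pages', 'delete', 1, $users, $groups)); // regular user, no mapping anywhere
var_dump(can_do('pages', 'read',   2, $users, $groups)); // admin, mapping found on parent group
var_dump(can_do('news',  'read',   3, $users, $groups)); // user with no groups, per-user grant
```

Because every mapping is an Allow, the order of checks cannot change the answer; a precedence field only matters once explicit Deny entries are introduced.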




