[nycphp-talk] phpGACL access control

Cliff Hirsch cliff at pinestream.com
Sun Aug 26 08:15:56 EDT 2007


On Sat, 25 Aug 2007 23:52:39 -0400, csnyder wrote
> On 8/24/07, Cliff Hirsch <cliff at pinestream.com> wrote:
> > > As for phpGACL, the feedback I got was that most ACLs out there are
> > > good at answering one question, from the following list:
> > >
> > > 1) "Can I access this object?"
> > > 2) "Who can access this object?"

> I think number 2 translates to things like "Who else can read posts 
> to this forum?" or "What developers have commit access" or even reports
> like "List all editors by site".
> 
> -- 
> Chris Snyder

I was waiting for you to chime in here. Just re-read your RBAC chapter in Pro
PHP Security (AWESOME BOOK, BTW). Nice Hamptons beach reading. It's that or
Clive Cussler.

As I think about this, the problem is all the "locations". A front-end
controller can consolidate or automatically synthesize and manage locations.
But there could be soooo many. And it seems to me the presentation layer needs
a heck of a lot of if statements to hide sections, links, buttons, etc. if you
want to hide unaccessible stuff instead of a simple "not authorized" msg.
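
An added illustration, not part of the original message and not phpGACL's API: a minimal role-based check in PHP that answers both quoted questions from the same data and filters presentation-layer links by location. All names, locations and sample data are constructed for this example.

```php
<?php
// Constructed sample data: role => "locations" that role may access.
$grants = [
    'admin'  => ['forum.read', 'forum.post', 'repo.commit', 'site.edit'],
    'editor' => ['forum.read', 'forum.post', 'site.edit'],
    'member' => ['forum.read'],
];
// Constructed sample data: user => roles held.
$userRoles = [
    'alice' => ['admin'],
    'bob'   => ['editor'],
    'carol' => ['member', 'editor'],
    'dave'  => ['member'],
];

// Question 1: "Can I access this object?" Default deny unless a role grants it.
function canAccess(string $user, string $location, array $userRoles, array $grants): bool
{
    foreach ($userRoles[$user] ?? [] as $role) {
        if (in_array($location, $grants[$role] ?? [], true)) {
            return true;
        }
    }
    return false;
}

// Question 2: "Who can access this object?" Same data, walked from the object side.
function whoCanAccess(string $location, array $userRoles, array $grants): array
{
    $users = [];
    foreach (array_keys($userRoles) as $user) {
        if (canAccess($user, $location, $userRoles, $grants)) {
            $users[] = $user;
        }
    }
    return $users;
}

// Presentation layer: tag each link with its location and filter the list once,
// rather than wrapping every link or button in its own if statement.
// Hiding a link is cosmetic only: the handler behind each location must
// still call canAccess() before doing any work.
function visibleLinks(string $user, array $links, array $userRoles, array $grants): array
{
    return array_filter($links, fn($loc) => canAccess($user, $loc, $userRoles, $grants));
}

$links = ['Read forum' => 'forum.read', 'New post' => 'forum.post', 'Commit' => 'repo.commit'];
print_r(whoCanAccess('repo.commit', $userRoles, $grants));
print_r(array_keys(visibleLinks('bob', $links, $userRoles, $grants)));
```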


