Johan Solve Role based access control [Re: Content Management System with
Custom Web Applications]
Jan 20, 2010; 23:31
I can't tell you how timely this is for my current project...
It will need a rather complex permission system and RBAC seems like a perfect fit for it. I've done some quick reading and it looks like you're on the right track.
Some syntax suggestions for an MySQL implementation
http://lists.mysql.com/internals/34377
For example
CREATE ROLE role_name
GRANT privilege TO role_name
GRANT role_name TO user_name
GRANT role_name TO role_name (for hierarchical roles)
SET ROLE
I have yet to find examples of how an RBAC system can be represented/stored in a database. Hints are welcome.
At 01.24 -0800 2010-01-18, Steve Piercy - Web Site Builder wrote:
>I do (4) already in the global config, but only for a binary state of either logged in or not. I want to expand it for arbitrary roles, which is different from an authenticated state. A role consists of zero or more actions that can be performed by zero or more groups upon a given resource. Actions include view, edit, delete or nothing. Groups include users that are anonymous, authenticated and assigned to zero or more groups, or no one. A resource could be a widget, module, page, collection of pages, or the entire site.
>
>The issue is how to keep the user's nav object in synch with the user's access rights.
>
>Thinking out loud, and after reading some stuff from PageBlocks:
>
>$my_resource->permissions // => map(groups=array(actions))
>$my_user->groups // => array(groups)
>
>So in order to determine whether a user can perform an action upon a resource, I came up with this little test:
>
>[
>    var('resource_perms') = map(
>        'admin'=array('read','add','edit','delete'),
>        'editor'=array('read','add','edit'),
>        'anon'=array('read')
>    );
>    var('my_groups') = array('editor','anon');
>    var('tmp') = array;
>    var('my_perms') = array;
>
>    $tmp=(($resource_perms->keys->sort&)->intersection($my_groups->sort&));
>    if($tmp->size > 0);
>        iterate($tmp,local('i'));
>            $my_perms = ($my_perms->sort&)->union($resource_perms->find(#i)->sort&);
>            '<br>';
>        /iterate;
>    /if;
>    $my_perms;
>]
>=> array: (add), (edit), (read)
>
>Here I assume that permissions are additive.
>
>Currently in Knop, ->get/setpermission only works with an arbitrary action that a user can perform, but I don't see anywhere that says on what resources the action can be performed.
>
>So I imagine doing the following:
>* add new user methods ->insertgroup, ->removegroup, ->groups (list the user's groups), ->resources (array of user's resources), ->resourceperms (array of the user's permissions on a given resource)
>* create a new type, knop_resource
>* create new resource methods ->insertrole, ->removerole, ->getrole(by name, index or -all)
>
>Which would allow me to synch up the nav object per user:
>
>    if($user->resources >> $this_resource);
>        // add the resource to the nav object
>    /if;
>
>Comments? Questions? Suggestions?
--
Johan Sölve [FSA Member, Lasso Partner]
Web Application/Lasso/FileMaker Developer
MONTANIA SOFTWARE & SOLUTIONS
http://www.montania.se mailto:joh-n@montania.se
(spam-safe email address, replace '-' with 'a')
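An added example, not part of the original messages and not Knop code: one way to store the model discussed above in relational tables, shown with Python's sqlite3 so it runs offline. It goes beyond the quoted test by resolving hierarchical roles (the GRANT role_name TO role_name case) with a recursive query; the table, column, user and resource names are assumptions, and the rows are constructed sample data.

```python
import sqlite3

SCHEMA = """
CREATE TABLE role_parent (role TEXT, parent TEXT, PRIMARY KEY (role, parent));
CREATE TABLE user_role   (user_name TEXT, role TEXT, PRIMARY KEY (user_name, role));
CREATE TABLE role_grant  (role TEXT, resource TEXT, action_name TEXT,
                          PRIMARY KEY (role, resource, action_name));
"""

# Constructed sample data (hypothetical names). Each role stores only what it
# adds: 'editor' inherits 'anon', and 'admin' inherits 'editor'.
SAMPLE = {
    "role_parent": [("editor", "anon"), ("admin", "editor")],
    "user_role": [("alice", "editor"), ("guest", "anon"), ("root", "admin")],
    "role_grant": [("anon", "page:home", "read"),
                   ("editor", "page:home", "add"),
                   ("editor", "page:home", "edit"),
                   ("admin", "page:home", "delete")],
}

# Walk the hierarchy upward from the user's direct roles (UNION de-duplicates,
# so a cycle in role_parent cannot loop forever), then union every grant on
# the resource: additive permissions, and no matching row means no access.
EFFECTIVE = """
WITH RECURSIVE held(role) AS (
    SELECT role FROM user_role WHERE user_name = :user
    UNION
    SELECT rp.parent FROM role_parent rp JOIN held h ON rp.role = h.role
)
SELECT DISTINCT g.action_name FROM role_grant g JOIN held h ON g.role = h.role
WHERE g.resource = :resource ORDER BY g.action_name
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in SAMPLE.items():  # table names are the constants above
        marks = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return conn

def effective_actions(conn, user, resource):
    rows = conn.execute(EFFECTIVE, {"user": user, "resource": resource})
    return [action for (action,) in rows]

def can(conn, user, resource, action):
    return action in effective_actions(conn, user, resource)

if __name__ == "__main__":
    print(effective_actions(build_db(), "alice", "page:home"))
```

A per-user navigation list can be built by calling can(...) with the read action for each resource, so that what is displayed and what is enforced come from the same tables.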