No edit summary |
|||
(9 intermediate revisions by 2 users not shown) | |||
Line 2: | Line 2: | ||
== Backdrop == | == Backdrop == | ||
We tried to use db_acl, but the implementation meant too much overhead for our relatively simple requirements. Mainly we wanted to lock down access by group/role. We opted to go with the [http://www.thinkingphp.org/2006/10/03/a-lightweight-approach-to-acl-the-33-lines-of-magic/ 33 lines of magic] approach which is simpler by design and was [http://en.wikipedia.org/wiki/Mike_Shaver shaver]'s first preferred choice. Read the blog to see why it can get the job done even if it isn't completely normalized and abstracted. | We tried to use db_acl, but the implementation meant too much overhead for our relatively simple requirements. Mainly we wanted to lock down access by group/role. We opted to go with the [http://www.thinkingphp.org/2006/10/03/a-lightweight-approach-to-acl-the-33-lines-of-magic/ 33 lines of magic] approach which is simpler by design and was [http://en.wikipedia.org/wiki/Mike_Shaver shaver]'s first preferred choice. Read the blog to see why it can get the job done even if it isn't completely normalized and abstracted. | ||
See also: [[Update:Admins/Groups|AMO User Groups]] | |||
== Permissions == | == Permissions == | ||
Formatting permissions is a matter of entering Controller:action permissions in a comma delimited list in either User.rules or Group.rules. Examples would be: | Formatting permissions is a matter of entering Controller:action permissions in a comma delimited list in either User.rules or Group.rules. Examples would be: | ||
// Grants access to all Users and Groups controller actions. | // Grants access to all Users and Groups controller actions. | ||
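Review bot: The Permissions paragraph says rules go "in either User.rules or Group.rules", but the visible text does not say how the two are combined when a user has both. Are the lists merged, or does one override the other? A sentence stating the evaluation order next to the examples would help anyone editing a rule, unless this is already covered further down the page.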
Line 33: | Line 29: | ||
// Check to see if the user has access to the entire Reviewers controller. | // Check to see if the user has access to the entire Reviewers controller. | ||
if ($this->SimpleAcl->actionAllowed('Reviewers','*')) { | if ($this->SimpleAcl->actionAllowed('Reviewers','*')) { | ||
// Do something | |||
} | |||
// Check to see if the user has access to ANY action in the Reviewers controller. | |||
if ($this->SimpleAcl->actionAllowed('Reviewers', '%')) { | |||
// Do something | // Do something | ||
} | } | ||
Normally this would be done in an action. I was not able to use this in a beforeFilter, because that would access member variables and functions not yet loaded. | Normally this would be done in an action. I was not able to use this in a beforeFilter, because that would access member variables and functions not yet loaded. | ||
* [[User:Fligtar|Fligtar]] 03:33, 30 March 2007 (PDT) If you want to use this in beforeFilter, just add this: | |||
$this->SimpleAuth->startup($this); | |||
$this->SimpleAcl->startup($this); | |||
== Disabling Permissions in Controllers == | == Disabling Permissions in Controllers == | ||
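Review bot: The comments on the two actionAllowed() calls do not make the difference between '*' and '%' clear. "access to the entire Reviewers controller" and "access to ANY action in the Reviewers controller" can be read as the same thing. If '%' means the user holds at least one Reviewers permission, say so explicitly, and state that it does not establish access to any particular action. Separately, the sentence "I was not able to use this in a beforeFilter" now sits directly above a note explaining how to do exactly that. Reword one of them so it is clear that the two startup() calls have to run before actionAllowed() is used in beforeFilter.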
Line 54: | Line 58: | ||
} | } | ||
== | == Controller Notepad == | ||
Controllers, actions and their permissions. | Controllers, actions and their permissions. | ||