Role Based Access Control and Role Based Security

on 26.01.2010 00:10:52 by joefazee

Hi list, thanks to the wonderful people on this list.

I am planning a system that requires access to the system based on
Role. I love the implementation in SMF (www.simplemachines.org) that
every module can define its own role, but I don't know how.

Users will be in groups like Administrator, Editor, Manager etc. (I have
seen such on Joomla) and each module can define the actions each group
can perform, e.g.
an advertisement module will define something like 'Can add', 'Can
edit own', 'Can edit any', etc. I am wondering what the database
structure/PHP class will look like.

I found a database schema on access control at
http://www.databaseanswers.org/data_models/access_control/index.htm
but I can't figure out the implementation in PHP.
Any idea will help.

--
Share with free mind!
Join the world largest open forum for hackers and programmers.
http://www.tuwana.com

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Role Based Access Control and Role Based Security

on 26.01.2010 01:49:16 by Phpster

I developed an implementation that combines roles with fine-grained
access. Each role is given a set of permissions (the current set is
global to the app, the next will be per application). In it, I specify
a db field (varchar 255) that holds a binary permission scheme, i.e.
10011110100001111 etc., where each value is an on/off 1/0 permission
set. This is mapped to a constant for each position so that each
module can have a set of permissions like ADD, DELETE etc.

This scheme then controls the menu / buttons to produce a workflow for
the application.

Bastien

--

Bastien

Cat, the other other white meat


RE: Role Based Access Control and Role Based Security

on 26.01.2010 02:20:58 by Daevid Vincent

I implemented something like this in a NAC company I founded (Lockdown
Networks)...

define('OP_GLOBAL_ADMIN', 10);
define('OP_ADMINISTRATOR', 20);
define('OP_OPERATOR', 30);
define('OP_EUM_OPERATOR', 39);
define('OP_READONLY', 40);

//[dv] only set the TRUE values, FALSE is implied.
//     OP_GLOBAL_ADMIN && OP_ADMINISTRATOR permissions are all TRUE by default, no $role array needed (yet).
//     follow the 'P_group_action' naming convention, check for existing keys before creating new ones.

//[dv] When you create a new P_permission,
//     add it to this OP_READONLY operator role so we have a master list to reference.
$role[OP_READONLY] = array(
    'P_about_button'  => TRUE,
    'P_switch_delete' => FALSE,
    'P_switch_add'    => FALSE,
    'P_switch_test'   => FALSE,
    'P_switch_save'   => FALSE,
    'P_ops_view'      => FALSE,
    'P_vlan_add'      => FALSE,
    'P_vlan_check'    => FALSE,
    'P_vlan_save'     => FALSE,
    'P_vlan_test'     => FALSE,
    'P_device_audit'  => FALSE,
    'P_device_add'    => FALSE,
    'P_device_save'   => FALSE,
    'P_device_import' => FALSE,
    'P_device_delete' => FALSE,
    // ...
);

$role[OP_OPERATOR] = array(
    'P_about_button'     => TRUE,
    'P_device_audit'     => TRUE,
    'P_device_add'       => TRUE,
    'P_device_save'      => TRUE,
    'P_device_import'    => TRUE,
    'P_discovery_run'    => TRUE,
    'P_daterange_delete' => TRUE,
    // ...
);

/**
 * Check the permissions of a given button to see if this operator (User) is
 * allowed to use it.
 *
 * @access public
 * @param string $index array hash index into $role (a 'P_*' key)
 * @param object $user  operator to check; defaults to $_SESSION['user']
 * @return boolean
 * @author Daevid Vincent [daevid@]
 * @since 4.6.0.0 (Folsom)
 * @version 1.2
 * @date 08/01/07
 */
function checkGUIPerms($index, $user = null)
{
    global $role;

    if (!$user) $user = $_SESSION['user'];

    //[dv] we have to call this out explicitly because the OP_READONLY->is_admin() is true.
    if ($user->type == OP_GLOBAL_ADMIN || $user->type == OP_ADMINISTRATOR) return true;

    // Keys missing from a role array are implied FALSE; !empty() avoids an undefined-index notice.
    return !empty($role[$user->type][$index]);
}

Then in each web page, just do something like this:


VALUE="Delete"
ONCLICK="return confirmDelete( this.form, 'device');">


The more astute people will notice that this doesn't lend itself to user
defined roles as they're all hard-coded, but in our case that's all we
needed. However, it could be expanded and written/read from a database with
the same concept. Say with a table of role types (Operator, Admin, User,
Custom, etc.) and another master table of "P_*" roles and a third to 'join'
them. Pretty straightforward SQL.

The only trouble with the bitmask version Bastien mentions is that you have
to have a master bitmask map somewhere. Plus those numbers can get pretty
huge. A 255 character binary number is significant. Plus in a large
project, you can run out of space with 255 chars, the other SQL text/blob
column types are less efficient I'd think. But ultimately the concept is
the same as you're just using binary (true/false or 1/0) to determine if
someone has that particular grain of role flavored goodness.

ÐÆ5ÏÐ
"Some people, when confronted with a problem, think 'I know, I'll use
XML.'"
Now they have two problems.
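
The database-backed variant described in the message above (a table of role types, a master table of "P_*" permissions, and a third table joining them), as an added example that is not code from the thread. It uses an in-memory SQLite database through PDO; the table and column names and the functions grant() and roleCan() are hypothetical, and the rows are constructed sample data.

```php
<?php
// Added example: table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('PRAGMA foreign_keys = ON');
$db->exec('CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE)');
$db->exec('CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE)');
$db->exec('CREATE TABLE role_permissions (
    role_id       INTEGER NOT NULL REFERENCES roles(id),
    permission_id INTEGER NOT NULL REFERENCES permissions(id),
    PRIMARY KEY (role_id, permission_id))');

// Constructed sample data reusing the role ids and P_* keys from the post.
$db->exec("INSERT INTO roles VALUES (30, 'Operator'), (40, 'Read-only')");
$db->exec("INSERT INTO permissions (name) VALUES
    ('P_about_button'), ('P_device_add'), ('P_device_delete')");

/** Grant a permission to a role; an unknown permission name throws. */
function grant(PDO $db, int $roleId, string $perm): void
{
    $stmt = $db->prepare('INSERT INTO role_permissions (role_id, permission_id)
        SELECT ?, id FROM permissions WHERE name = ?');
    $stmt->execute([$roleId, $perm]);
    if ($stmt->rowCount() !== 1) {
        throw new InvalidArgumentException("Unknown permission: $perm");
    }
}

/** Default deny: only an explicit row in the join table grants access. */
function roleCan(PDO $db, int $roleId, string $perm): bool
{
    $stmt = $db->prepare('SELECT 1 FROM role_permissions rp
        JOIN permissions p ON p.id = rp.permission_id
        WHERE rp.role_id = ? AND p.name = ?');
    $stmt->execute([$roleId, $perm]);
    return $stmt->fetchColumn() !== false;
}

grant($db, 30, 'P_about_button');
grant($db, 30, 'P_device_add');
grant($db, 40, 'P_about_button');

// Granted, not granted to this role, never granted, and a misspelled key.
$checks = [[30, 'P_device_add'], [40, 'P_device_add'], [30, 'P_device_delete'], [30, 'P_typo']];
foreach ($checks as [$r, $p]) {
    printf("role %d %-16s %s\n", $r, $p, roleCan($db, $r, $p) ? 'allow' : 'deny');
}
```

Because a missing join row means deny, a mistyped permission key fails closed at check time, and grant() rejects it at assignment time. Like checkGUIPerms(), this only decides what the interface offers; the handler that performs the action needs the same check on the server side.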


Re: Role Based Access Control and Role Based Security

on 27.01.2010 07:14:35 by Mikay


I am doing the same thing as you, and I found the following may help:
Zend Framework has a package supporting role-based access
control, Zend_ACL:
http://framework.zend.com/manual/en/zend.acl.html
Maybe this can help you.
