[dev] Re: Application Permissions (was Re: appLinks() and
Re:About permissions)
Jan Schneider
jan at horde.org
Fri Mar 28 13:34:04 PST 2003
Quoting Jeroen Huinink <j.huinink at wanadoo.nl>:
> "Marko Djukic" <marko at oblo.com> wrote:
> > Quoting Jeroen Huinink <j.huinink at wanadoo.nl>:
> > > Back to the original issue: defining permissions for applications.
> The
> > > obvious use for this is showing specific applications to specific
> users
> in
> > > the Horde menu. There are however also various user levels at the
> moment:
> > > admin, user, guest with different sets of capabilities.
> >
> > "admin" you can consider separate, it's what's set in the conf.php file
> and
> > should have total permissions.
>
> That's how it is at this moment. I was thinking that we could replace the
> 'admin' setting in the conf file through a generic permissions mechanism.
> I
> cannot think of reasons why we couldn't do this. And it seems to me that
> there is an advantage in that you have one mechanism to verify user
> access
> to a certain page or function, some pages require a user to have admin
> permissions.
The easiest way is probably to have three built-in, non-deletable groups (or
roles in your terms): admin, user and guest. By default all authenticated
users belong to the user group, non-authenticated to the guest group.
> > then the guest/user are essentially two different states - user has not
> logged
> > in, user has logged in - after which you can start fine tuning the
> permissions
> > based on user/groups.
>
> As for the guest users: at this moment the concept of a guest user is an
> unidentified user. I could image that you want to give some identified
> users
> the same access as an unidentified user. The unidentified user also gets
> a
> set of permissions, same as a logged in user. Within the generic
> framework
> you could state that an unidentified user has access level none (meaning
> guests are not allowed) or some other access level (e.g. a reporter level
> in
> whups).
See above.
Jan.
--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft
More information about the dev
mailing list