[dev] Re: feature interest

[Brian M Dube]

My changes work if the user is explicitly named in the permission, but 
not groups. I looked at Perms.php and didn't see a reason why the group 
check should fail. Any ideas?

Brian

===================================================================
RCS file: /usr/local/disk/cvsroot/www/horde/chora/lib/base.php,v
retrieving revision 1.1
retrieving revision 1.3
diff -u -r1.1 -r1.3
--- base.php    15 Jul 2003 21:06:31 -0000      1.1
+++ base.php    19 Jul 2003 07:37:35 -0000      1.3
@@ -47,6 +47,35 @@
      Horde::authenticationFailureRedirect();
  }

+// Check permissions for this user.
+$_allowed = false;
+
+if ($_perm_name = $registry->getParam('perm_name')) {
+    require_once HORDE_BASE . '/lib/Perms.php';
+    $_perms = &Perms::singleton();
+
+    if (is_array($_perm_name)) {
+        foreach ($_perm_name as $_perm) {
+            if ($_perms->hasPermission($_perm, Auth::getAuth(), 
_PERMS_READ)) {
+                $_allowed = true;
+                break;
+            }
+        }
+    } else {
+      // Not an array.
+        if ($_perms->hasPermission($_perm_name, Auth::getAuth(), 
_PERMS_READ)) {
+            $_allowed = true;
+        }
+    }
+} else {
+    // Permission restrictions not specified.
+    $_allowed = true;
+}
+
+if (!$_allowed) {
+    Chora::fatal('403 Forbidden', 'Forbidden by server configuration');
+}
+
  // Initialize objects, path, etc.
  Chora::init();


On Saturday, Jul 19, 2003, at 01:45 US/Central, Brian M Dube wrote:

> Should there be a flag in the registry for the name of the permission? 
> When I did this for groups, I used an array $allow_groups and checked 
> for this in the application's base library. Is there a way you prefer 
> over a registry flag?
>
> Brian
>
> Quoting "Chuck Hagenbuch" <chuck at horde.org>:
>
>> If it's done inside the framework (ideally using Perms, not just 
>> groups) and
>> cleanly, definitely submit it.
>>
>> -chuck