[dev] Customising Auth::isAdmin()

Vijay Mahrra vijay.mahrra at es.easynet.net
Tue Aug 26 09:00:15 PDT 2003 

Hi,

Our organisation uses an authentication driver based on the current Auth_ldap
class which retrieves extra attributes from our heavily customised ldap
schema, such as the groups a successfully logged in user belongs to.

One of the groups can be for 'webadmin' and we wanted to be able to give our
web administrators permission to administrate horde (via the horde
Administration side menu), without having to manually enter their login names
in the in the $conf['auth']['admins'] part of horde/config/conf.php

The way we made this possible was to add an extra method to our custom ldap
driver called _isAdmin which is checked for in the isAdmin function of
Auth.php.  A new capability was added for this - 'isadmin' which was set to
true in our custom ldap driver.

So just after the first line of the method isAdmin() in Auth.php we added the
following code:

        // call a custom _isAdmin subclass method if the capability exists
        $auth = &Auth::singleton($conf['auth']['driver']);
        if ($auth->hasCapability('isadmin')) {
            return $auth->_isAdmin($permission, $permlevel);
        }

We would like to contribute this back as it will give other administrators the
flexibility to write their own custom isAdmin checks.  Also, we noticed much
of the Auth.php is still using isset instead of array_key_exists, is this
intentional or has the team just not around to changing it yet?  For example,
the hasCapability function has one line:

        return !empty($this->capabilities[$capability]);

shouldn't it be

        if (array_key_exists($capability, $this->capabilities)) {
	    return !empty($this->capabilities[$capability];
        }
        return false

or something?

If these suggestions are not unreasonable, I can make the changes and supply a
diff against the present Auth.php.  Any feedback would be great, thanks.

Vijay

btw when is horde.org going to start selling t-shirts ;)
--
vijay mahrra                        office: +34 917894652
systems developer/administrator     mobile: +34 679993442
easynet españa (madrid)         http://www.es.easynet.net


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

More information about the dev mailing list