[dev] Customising Auth::isAdmin()
Chuck Hagenbuch
chuck at horde.org
Tue Aug 26 12:44:08 PDT 2003
Quoting Vijay Mahrra <vijay.mahrra at es.easynet.net>:
> So just after the first line of the method isAdmin() in Auth.php we added the
> following code:
>
> // call a custom _isAdmin subclass method if the capability exists
> $auth = &Auth::singleton($conf['auth']['driver']);
> if ($auth->hasCapability('isadmin')) {
> return $auth->_isAdmin($permission, $permlevel);
> }
>
> We would like to contribute this back as it will give other administrators the
> flexibility to write their own custom isAdmin checks.

My worry with this is that it means instantiating an Auth object on every page
where there's an isAdmin() check, for non-super-admins. I'd prefer a solution
that didn't incur that overhead, if possible.

Another option would be to add a hook to the auth mechanism somewhere after
authentication that could add users onto $conf['auth']['admins'], and make
those changes persist with the session somehow... dunno.

> Also, we noticed much of the Auth.php is still using isset instead of
> array_key_exists, is this intentional or has the team just not got around to
> changing it yet?

It is very much intentional and for good reasons.

> For example, the hasCapability function has one line:
>
> return !empty($this->capabilities[$capability]);
>
> shouldn't it be
>
> if (array_key_exists($capability, $this->capabilities)) {
> return !empty($this->capabilities[$capability]);
> }
> return false;

Ugh, no. Why make those two calls? If the capability is set to null, then we
*want* to treat that as false there.

-chuck
--
Charles Hagenbuch, <chuck at horde.org>
They're just looking at a wall of meat.
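
An added PHP illustration (not part of the original message and not Horde code) of the hasCapability() exchange above: it runs the quoted one-line form and the proposed guarded form over constructed capability values and checks that they agree, with a key-only check for contrast. The function names and the sample array are assumptions.

```php
<?php
// Added illustration, not Horde code. Function names and sample values are constructed.
$capabilities = [
    'add'       => true,    // driver supports it
    'isadmin'   => 1,       // truthy non-boolean
    'update'    => false,   // explicitly unsupported
    'resetpass' => null,    // the null case raised in the reply
    'remove'    => 0,
    'list'      => '0',     // the string "0" also counts as empty() in PHP
];

// One-line form quoted from hasCapability().
function capEmpty(array $caps, string $cap): bool
{
    return !empty($caps[$cap]);   // empty() raises no notice on a missing key
}

// Proposed form: array_key_exists() guard, then the same empty() test.
function capGuarded(array $caps, string $cap): bool
{
    if (array_key_exists($cap, $caps)) {
        return !empty($caps[$cap]);
    }
    return false;
}

// Key presence alone, for contrast.
function capKeyOnly(array $caps, string $cap): bool
{
    return array_key_exists($cap, $caps);
}

$names = array_merge(array_keys($capabilities), ['missing']);
printf("%-10s %-8s %-8s %s\n", 'capability', 'empty', 'guarded', 'key-only');
foreach ($names as $cap) {
    $a = capEmpty($capabilities, $cap);
    $b = capGuarded($capabilities, $cap);
    if ($a !== $b) {
        // Never reached: the guard cannot change the result of !empty().
        throw new LogicException("forms disagree for '$cap'");
    }
    printf("%-10s %-8s %-8s %s\n", $cap, var_export($a, true),
        var_export($b, true), var_export(capKeyOnly($capabilities, $cap), true));
}
```

A check on key presence alone is the only one of the three that would report a capability stored as null or false as available.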