[dev] Customising Auth::isAdmin()

Chuck Hagenbuch chuck at horde.org
Tue Aug 26 12:44:08 PDT 2003


Quoting Vijay Mahrra <vijay.mahrra at es.easynet.net>:

> So just after the first line of the method isAdmin() in Auth.php we added the
> following code:
>
>         // call a custom _isAdmin subclass method if the capability exists
>         $auth = &Auth::singleton($conf['auth']['driver']);
>         if ($auth->hasCapability('isadmin')) {
>             return $auth->_isAdmin($permission, $permlevel);
>         }
>
> We would like to contribute this back as it will give other administrators the
> flexibility to write their own custom isAdmin checks.

My worry with this is that it means instantiating an Auth object on every page
where there's an isAdmin() check, for non-super-admins. I'd prefer a solution
that didn't incur that overhead, if possible.

Another option would be to add a hook to the auth mechanism somewhere after
authentication that could add users onto $conf['auth']['admins'], and make
those changes persist with the session somehow... dunno.

> Also, we noticed much of the Auth.php is still using isset instead of
> array_key_exists, is this intentional or has the team just not got around to
> changing it yet?

It is very much intentional and for good reasons.

> For example, the hasCapability function has one line:
>
>         return !empty($this->capabilities[$capability]);
>
> shouldn't it be
>
>         if (array_key_exists($capability, $this->capabilities)) {
>             return !empty($this->capabilities[$capability]);
>         }
>         return false;

Ugh, no. Why make those two calls? If the capability is set to null, then we
*want* to treat that as false there.

-chuck

--
Charles Hagenbuch, <chuck at horde.org>
They're just looking at a wall of meat.
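
The two hasCapability() forms discussed in this message, compared side by side as an added example (not part of the original message and not Horde code). The capability map and every name in it except 'isadmin' are constructed for illustration, and the function names are hypothetical.

```php
<?php
// Constructed capability map covering each edge case of the lookup.
$capabilities = [
    'cap_true'  => true,
    'cap_false' => false,
    'cap_null'  => null,   // key present, value null
    'cap_zero'  => 0,
    'cap_empty' => '',
    'isadmin'   => 1,
    // 'cap_missing' is deliberately absent
];

// One-line form quoted in the thread.
function hasCapabilityShort(array $caps, string $name): bool
{
    return !empty($caps[$name]);
}

// Two-call form proposed in the thread.
function hasCapabilityLong(array $caps, string $name): bool
{
    if (array_key_exists($name, $caps)) {
        return !empty($caps[$name]);
    }
    return false;
}

// Turn any notice or warning into an exception so a noisy lookup cannot go unseen.
set_error_handler(function ($no, $msg) { throw new ErrorException($msg, 0, $no); });

$names = array_merge(array_keys($capabilities), ['cap_missing']);
foreach ($names as $name) {
    $short = hasCapabilityShort($capabilities, $name);
    $long  = hasCapabilityLong($capabilities, $name);
    if ($short !== $long) {
        throw new LogicException("forms disagree on '$name'");
    }
    // isset() and array_key_exists() differ only for the null-valued key.
    printf("%-12s isset=%-5s key_exists=%-5s capable=%s\n",
        $name,
        var_export(isset($capabilities[$name]), true),
        var_export(array_key_exists($name, $capabilities), true),
        var_export($short, true));
}
```

Both forms return the same result for every row, and empty() on the missing key raises no notice; the only row where isset() and array_key_exists() differ is the null-valued key, which both forms report as not capable.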

