[dev] Customising Auth::isAdmin()

Vijay Mahrra vijay.mahrra at es.easynet.net
Wed Aug 27 02:34:51 PDT 2003


: Date: Tue, 26 Aug 2003 15:44:08 -0400
: From: Chuck Hagenbuch <chuck at horde.org>
: Subject: Re: [dev] Customising Auth::isAdmin()
: To: dev at lists.horde.org
: Message-ID: <1061927048.6101824682d93 at marina.horde.org>
: Content-Type: text/plain; charset="ISO-8859-1"
:
: Quoting Chuck Hagenbuch <chuck at horde.org>:
:
: My worry with this is that it means instantiating an Auth object on every
page
: where there's an isAdmin() check, for non-super-admins. I'd prefer a
solution
: that didn't incur that overhead, if possible.

If the block of code I added was moved to the end of the method isAdmin()
would check first the $conf, then the horde permissions, and failing those,
then the custom _isAdmin, increasing overhead only for when all existing
admin checks fail.  However, you suggested...

: Another option would be to add a hook to the auth mechanism somewhere after
: authentication that could add users onto $conf['auth']['admins'], and make
: those changes persist with the session somehow... dunno.

...so I will have a look into this :) (btw i'm still finetuning and
experimenting with your last suggestion for using a hordeauth option with
IMP)

: Ugh, no. Why make those two calls? If the capability is set to null, then we
: *want* to treat that as false there.

My reasoning was that this way of extending capabilities doesn't require
having to alter the capabilities array in any other drivers or the parent
class.  Calling empty($this->capabilities[$capability])
assumes that $capability actually exists as a key in the $this->capabilities
array.  I was thinking that if a programmer extended the capabilities in a
custom driver, for example added the 'isadmin' capability I suggested, and
'isadmin' isn't listed in Auth.php's isAdmin() capabilities array an error
could occur (because the array key doesn't exist).

Vijay

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


More information about the dev mailing list