[dev] Patch for Applications Permissions

Chuck Hagenbuch chuck at horde.org
Wed Oct 1 11:26:40 PDT 2003


Quoting Joel Vandal <jvandal at infoteck.qc.ca>:

> Yesterday, I've begin to work on an Application Permission system for Horde
> Framework. After a few hours, I've come with a patch (see attachment) that
> allow me to control some permissions on each applications (ex. Gollem,
> Kronolith, Mnemo, ...)

Cool!

> Currently, you can set if the application will be accessible or not
> (_PERMS_SHOW) by Users and/or Groups. If the application is  added to the
> Application Permissions system and the user don't have permission to show
> the application, the app will not be visible on the menu (menu.php).

Sounds generally good. However, I think the patch as-is is overly complicated -
application.php is entirely duplicated from perms.php, and it shouldn't need to
be; and I don't see why you want to store the permissions in a different
category root than horde.perms?

I'd take the part of the patch that does the checks in menu.php (should be added
to sidebar.php as well) and just use that with standard permissions.

> In a future version, the system will be able to set permission by function
> and preferences setting.

I'm having trouble envisioning what you mean by this.

> Here is an example for Gollem of the modification to apply for deny access
> IF and ONLY IF the application is set on the Application Permissions and
> that the user have no right to this.:
>
> Index: lib/base.php
> ===================================================================
> RCS file: /repository/gollem/lib/base.php,v
> retrieving revision 1.37
> diff -r1.37 base.php
> 30a31,39
> > // Application Permissions system.
> > require_once HORDE_BASE . '/lib/Perms.php';
> > $appPerms = &Perms::singleton('horde.apps');
> > if ($appPerms->exists($registry->getApp())) {
> >     if (!$appPerms->hasPermission($registry->getApp(), Auth::GetAuth(),
> _PERMS_SHOW)) {
> >       Horde::authenticationFailureRedirect();
> >     }
> > }

This code should just be put into Registry::pushApp(), and should cause it to
return a PEAR_Error if it fails (for RPC/api call compatibility).

-chuck

--
Charles Hagenbuch, <chuck at horde.org>
Born right the first time.


More information about the dev mailing list