[dev] [commits] Horde branch master updated. 5df37f9934afeee9f4741d41f92c06cfc4b39ca9
Michael M Slusarz
slusarz at horde.org
Mon Aug 24 18:03:36 UTC 2009
Quoting Jan Schneider <jan at horde.org>:
>> I'll agree that guest access is broken with the old code. But this
>> change makes things worse (especially #2). The proper fix probably
>> lies in Horde_Auth_Application - the default transparent()
>> authentication method, for apps that don't require any additional
>> authentication, should do the proper guest permission checking there.
>
> That sounds awkward, permission checking is authorization, so it
> shouldn't be done in the authentication code. How about having the
> application report back to Horde_Auth_Application whether they
> require authentication, and use that information? Or can we maybe
> even already assume that having an 'authenticate' API method makes
> this a requirement?

This is correct. The default is that applications don't need separate
authentication. Once an application defines an authAuthenticate or
authTransparent method, that alone should be sufficient to alert
Horde_Auth_Application that further application authentication is
needed.

> That solution would involve a new Horde_Auth::requireAuthentication() method.

I assume you mean Horde_Auth_Application::requireAuthentication()?
This doesn't make sense for any of the other auth drivers.

michael
--
___________________________________
Michael Slusarz [slusarz at horde.org]
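
A sketch of the rule discussed in this thread, added here as an example; it is not Horde code and not part of the original message. It treats the presence of an authAuthenticate or authTransparent method as the signal that an application needs its own authentication, and keeps the guest permission check in a separate authorization step. The class names, function names, method signatures and the guest permission map are all hypothetical.

```php
<?php
// Hypothetical application API classes (assumptions, not Horde's real classes).
class NotesApi {}                       // defines no auth hooks
class MailApi {
    public function authAuthenticate($userId, array $credentials) {
        return !empty($credentials['password']);
    }
}
class SsoApi {
    public function authTransparent() { return false; }
}

// Authentication side: an application needs its own authentication step
// only if its API defines one of the two hook methods named in the thread.
function requiresAppAuthentication($api): bool
{
    return method_exists($api, 'authAuthenticate')
        || method_exists($api, 'authTransparent');
}

// Authorization side, kept out of the authentication code.
// $userId === null means a guest; $guestPerms maps app name => guest allowed.
function mayAccess(string $app, $api, ?string $userId, bool $appAuthed, array $guestPerms): bool
{
    if (requiresAppAuthentication($api) && !$appAuthed) {
        return false;                       // app-level login still missing
    }
    if ($userId === null) {
        return !empty($guestPerms[$app]);   // guests are denied by default
    }
    return true;
}

// Constructed sample data: guest permissions and a few access attempts.
$guestPerms = ['notes' => true, 'wiki' => false];
$cases = [
    ['notes', new NotesApi(), null,    false],  // guest, guest access granted
    ['wiki',  new NotesApi(), null,    false],  // guest, no guest permission
    ['mail',  new MailApi(),  'alice', false],  // Horde login only, app auth pending
    ['mail',  new MailApi(),  'alice', true],   // app authentication done
    ['sso',   new SsoApi(),   null,    false],  // guest on an app with authTransparent
];
foreach ($cases as [$app, $api, $user, $authed]) {
    printf("%-5s user=%-5s appAuth=%d -> %s\n", $app, $user ?? 'guest', $authed,
        mayAccess($app, $api, $user, $authed, $guestPerms) ? 'allow' : 'deny');
}
```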