[dev] [commits] Horde branch master updated. 5df37f9934afeee9f4741d41f92c06cfc4b39ca9
Jan Schneider
jan at horde.org
Mon Aug 24 19:04:58 UTC 2009
Zitat von Michael M Slusarz <slusarz at horde.org>:
> Quoting Jan Schneider <jan at horde.org>:
>
>>> I'll agree that guest access is broken with the old code. But
>>> this change makes things worse (especially #2). The proper fix
>>> probably lies in Horde_Auth_Application - the default
>>> transparent() authentication method, for apps that don't require
>>> any additional authentication, should do the proper guest
>>> permission checking there.
>>
>> That sounds awkward, permission checking is authorization, so it
>> shouldn't be done in the authentication code. How about having the
>> application report back to Horde_Auth_Application whether they
>> require authentication, and use that information? Or can we maybe
>> even already assume that having an 'authenticate' API method make
>> this a requirement?
>
> This is correct. The default is that applications don't need
> separate authentication. Once an application defines an
> authAuthenticate or authTransparent method, that alone should be
> sufficient to alert Horde_Auth_Application that further application
> authentication is needed.
>
>> That solution would involve a new
>> Horde_Auth::requireAuthentication() method.
>
> I assume you mean Horde_Auth_Application::requireAuthentication()?
> This doesn't make sense for any of the other auth drivers.
I was thinking of Horde_Auth, because we don't use an object instance
in the registry so far. At least not in the places we've been talking
about so far.
That would just be wrapper to Horde_Auth_Base/Application of course.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
More information about the dev
mailing list