[horde] horde auth and perm questions

Chuck Hagenbuch chuck at horde.org
Mon Oct 22 13:56:13 PDT 2001 

Quoting Paul Wolstenholme <wolstena at sfu.ca>:

> 1. It appears that hored 1.3 will work with register_globals off. Is
> this true?

Yes. Anything that isn't is a bug.

> 2. I use the preauth in phplib to allow for institutional subscribers to
> a website to access the site based on client ip/domain. If the preauth
> method fails, the users goes through the the normail authentication
> process. Has this been done or could be done by extending the existing
> framework. 

It's something that'd be possible to do - writing an Auth_ip class shouldn't be
hard, and allowing for pre-auth stuff like that could be done in a general way.

> 3. Another feature I have taken advantage of with phplib is default_auth
> (when a user accesses page for the first time a default authentication
> object is created). Basically, I have used this in situation where a
> portion of script is executed depending on the user has a particular
> bundle of rights but do not want to force everyone to login or register.
> If a user would like to access the restricted components, they can
> login. 

You can easily break out which portion of your site is accessible to logged in
users and which is accessible to everyone... Horde doesn't wrap anything around
your pages that enforces the auth.

> 4. The perms seem to be based on location that does not have any
> dependencies on an particular object. The project I'm working on has a
> document model that I would like to tie in with a process model, and
> security model. Designing the security model has turned out to be
> tougher than I thought. 
> 
> Access would depend on ownership, roles/rights assigned to a user, and
> where the document is in the publishing process. For example, a newly
> submitted article would have read access by the owner and editor. Once
> the review process is complete, the article is also readable by
> subscribers. Once a certain time frame has expired, the article is
> accessible to everyone. 
> 
> The process model would also have to include CRUD attributes as well.
> Not just read rights. 
> 
> Is it possible to do the above with the horde perms class? Is there any
> disire to provide this type of functionality for any other horde
> projects? 

Right now? No. But the Perms framework needs a lot of fleshing out, and while
I'd need to read your requirements a bit closer to be sure, it all sounds like
generalizable stuff that'd be good to have.

-chuck

--
Charles Hagenbuch, <chuck at horde.org>
"What was and what may be lie, like children whose faces we cannot see, in 
the arms of silence. All we ever have is here, now." - Ursula K. Le Guin

More information about the horde mailing list