[horde] [cvs] commit: framework/Auth package.xml framework/Auth/Auth ipmap.php

[Vilius Šumskas]

Hello Chuck,

Wednesday, May 9, 2007, 7:08:56 PM, you wrote:

> chuck       2007-05-09 12:08:56 EDT

>   Modified files:
>     Auth                 package.xml 
>   Removed files:
>     Auth/Auth            ipmap.php 
>   Log:
>   Kill ipmap Auth driver which has never been implemented or documented - I can't
>   even remember the details of how it was supposed to work now.

I actually have a question about this, or maybe it is more general
question about how composite driver works.

Basically I have a situation where I want to specify different
permissions for the intranet and extranet users. For example I want to
allow NOT logged in users from intranet to view Agora forums, but
extranet users should not see anything. But when both intranet and
extranet users login they should have permission to view and post
everywhere.

As far as I understood this is impossible with current composite driver
(even if ipmap driver would have been implemented), because
_horde_login_screen function returns onlye *one* of the drivers based on some
condition and does not perform "chained" authentication I need.

For now I've hacked Horde permission system like this
in Perms/datatree.php file in getPermissions function:

if (empty($user)) {
   if (substr($_SERVER['REMOTE_ADDR'], 0, 7) == '<myinneriprange>' ||
       $_SERVER['REMOTE_ADDR'] == '<mydmzaddress>') {
       return $permission->getGuestPermissions();
   } else {
       return false;
   }
}

But I wonder is there any other more convenient way to do this? What other
sysadmins with similar intranet/extranet installations do?

-- 
 Vilius