php - Access control and XHR requests -


i'm struggling access control implementation custom framework.

rbac granularity not needed decided go kind of acl resources controller actions.

here database structure:

users:

  • john
  • mary
  • greg

user_groups:

  • administrators
  • accountants
  • managers

users_to_user_groups:

  • john => administrators
  • mary => accountants
  • greg => managers

resources (controller actions):

  • users/edit
  • invoices/add
  • customers/delete

resources_to_user_groups:

  • users/edit => administrators
  • invoices/add => accountants
  • customers/delete => managers

and here [pseudo]code.

$user = new user; // logged in user ...  $acl = new acl($user);  $dispatcher = new dispatcher($acl);  $dispatcher->dispatch('users', 'new');  class dispatcher {     public function dispatch($controller, $action)     {         $permission = $controller . '/' . $action;          if(!$this->acl->isallowed($permission))         {             throw new accessdeniedexception("access denied");         }          // user authorized execute action, dispatch ...     } }

i liked approach... until realized there many xhr requests.

for example, invoice list uses xhr request total amount, order list uses xhr requests load order positions , other data etc.

so, there must resource grouping, example, new table resource_groups:

  • invoice list (invoices/list, invoices/xhr_get_total_amount)
  • order list (orders/list, orders/xhr_get_positons_for_order, orders/xhr_get_some_other_data)
  • add new user (users/new) # single action, new user entry form not use xhr requests

... , instead of assigning resources user groups, assign resource groups user groups.

feels complicated. correct way it? can improved? framework address problem?

i've been dealing same problem in past year , here's how tackled it.

first of used zend framework's acl library base engine tell me if user has access resource. zf supports user grouping , roles (including role hierarchy) don't need worry anymore.

putting user grouping , roles aside, next resource grouping zf not support internally (sadly). , believe part question concerns. yet can use zf , extend fit needs. need come grouping mechanism resources (flat or hierarchical). can make use of zf instructed in manual.

here's example on how it:

  1. construct acl engine , other basic objects:

    $acl = new zend_acl();  $acl->addrole(new zend_acl_role('guest'))     ->addrole(new zend_acl_role('member'))     ->addrole(new zend_acl_role('admin'));  $parents = array('guest', 'member', 'admin'); $acl->addrole(new zend_acl_role('someuser'), $parents);

  2. define resource grouping:

    $resources = array(     'group 1' => array(         'resource 1'         , 'resource 2'         , 'resource 3'     )     , 'group 2' => array(         'resource 1'         , 'resource 4'         , 'resource 5'     ) );

  3. introduce resources acl's engine:

    function addresource(zend_acl $acl, $resources, $groupname) {     foreach ($resources[$groupname] $resource) {         $acl->add(new zend_acl_resource($resource));     } }  addresource($acl, $resources, 'group 2');

  4. use acl's engine query permissions:

    echo $acl->isallowed('someuser', 'resource 1') ? 'allowed' : 'denied';

as can see didn't special here. new concept introduced here resources added acl engine different ones used query it. done layer before call zf's library calls query zf's acl still works.

i hope write down point of view clearly. , don't forget i'm trying give concept, need come actual implementation yourself.


Comments

Post a Comment

Popular posts from this blog

linux - xterm copying to CLIPBOARD using copy-selection causes automatic updating of CLIPBOARD upon mouse selection -

i've tried various ways coerce xterm (versions 285 , 292) copy selection clipboard clipboard whenever press ctrl-shift-c. promising way far has been, in ~/.xresources, put this: xterm*vt100.translations: #override \ ctrl shift <keypress> c: copy-selection(clipboard) \n\ ctrl shift <keypress> v: insert-selection(clipboard) ctrl-shift-v works perfectly, copying has nuance... if restart xterm, highlighting text puts things in primary clipboard; expected, proper, default behavior. if hit ctrl-shift-c, copies current selection clipboard clipboard. the bug, however, if highlight text after first time pressed ctrl-shift-c, you'll see highlighting copies both primary and clipboard. cannot figure out how stop xterm updating clipboard upon selection... , doesn't make sense me in first place. i said, @ specific point in time, copy selection clipboard... yet starts updating automatically upon selection after doing once... anyone have workaround...
Read more

c++ - qgraphicsview horizontal scrolling always has a vertical delta -

Image
i've subclassed qgraphicsview custom canvas used in cad application. i've reimplemented qgraphicsview::wheelevent check keyboard modifiers control key and, if control key pressed, zoom. i'm trying implement horizontal scroll when user holds shift , uses wheel. the problem i'm having horizontal scrolling always scrolls 0.279. not huge problem, hugely annoying , points else being wrong. so, here questions: is right way implement horizontal scrolling? if not, is? how eliminate delta of 0.279? thanks in advance. code , sample output below void myview::zoom(int delta) { double factor = pow(1.2, delta/abs(delta)); this->scale(factor, factor); } void myview::scrollhorizontal(int level) { qpointf center = maptoscene(viewport()->rect().center()); qdebug() << "center: " << center.x() << ", " << center.y(); centeron(qpointf(center.x() - level, center.y())); } void myview::wheelevent(qwheeleve...
Read more